{"id":5234,"name":"Microsoft.Identity.Web","ecosystem":"nuget","repository_url":null,"issues_count":433,"created_at":"2025-06-06T17:08:29.992Z","updated_at":"2025-06-06T17:08:29.992Z","purl":"pkg:nuget/Microsoft.Identity.Web","unique_repositories_count":56,"unique_repositories_count_past_30_days":6,"recent_issues":[{"uuid":"4552630415","node_id":"PR_kwDOC4rwTc7g22z_","number":1598,"state":"open","title":"Bump Microsoft.Identity.Web and Microsoft.Identity.Web.UI","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":["berviantoleo"],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-30T01:06:49.000Z","updated_at":"2026-05-30T01:07:20.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.Identity.Web","repository_url":"https://github.com/AzureAD/microsoft-identity-web"},{"name":"Microsoft.Identity.Web.UI","repository_url":"https://github.com/AzureAD/microsoft-identity-web"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web) from 4.9.0 to 4.10.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.Identity.Web's releases](https://github.com/AzureAD/microsoft-identity-web/releases)._\n\n## 4.10.0\n\n### New features\n- Add `WithExtraBodyParameters` fluent API for attaching extra body parameters to token acquisition requests. See [#​3819](https://github.com/AzureAD/microsoft-identity-web/pull/3819).\n- Add `IConfidentialClientApplicationProvider` extensibility interface and `CachePartitionKey` support for silent token acquisition. See [#​3822](https://github.com/AzureAD/microsoft-identity-web/pull/3822).\n\n### Bug fixes\n- Redirect URI sanitization in authorization scenarios; centralize redirect URI validation in a shared helper. 
See [#​3825](https://github.com/AzureAD/microsoft-identity-web/pull/3825).\n- Reject dSTS-shaped `Authority` values with a clearer exception, steering users to use `Instance` + `TenantId` instead. See [#​3805](https://github.com/AzureAD/microsoft-identity-web/pull/3805).\n- Improve regex handling and adding length/timeout safeguards for SameSite User Agent. See [#​3811](https://github.com/AzureAD/microsoft-identity-web/pull/3811).\n\n### Behavior changes\n- **B2C OpenID Connect event handler: LRU cache for issuer address.** Issuer address lookups in the B2C OIDC event handler are now cached with an LRU cache, improving performance for repeated lookups. See [#​3821](https://github.com/AzureAD/microsoft-identity-web/pull/3821).\n\n### Dependencies updates\n- Update MSAL.NET to 4.84.1. See [#​3822](https://github.com/AzureAD/microsoft-identity-web/pull/3822).\n- Pin `Microsoft.Kiota.Abstractions` to 1.22.0 for GraphServiceClient. See [#​3817](https://github.com/AzureAD/microsoft-identity-web/pull/3817).\n- Bump `uuid` and `@​azure/msal-node` in SidecarAdapter TypeScript test app. See [#​3826](https://github.com/AzureAD/microsoft-identity-web/pull/3826).\n- Bump `qs` in SidecarAdapter TypeScript test app. See [#​3829](https://github.com/AzureAD/microsoft-identity-web/pull/3829).\n\nCommits viewable in [compare view](https://github.com/AzureAD/microsoft-identity-web/compare/4.9.0...4.10.0).\n\u003c/details\u003e\n\nUpdated [Microsoft.Identity.Web.UI](https://github.com/AzureAD/microsoft-identity-web) from 4.9.0 to 4.10.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.Identity.Web.UI's releases](https://github.com/AzureAD/microsoft-identity-web/releases)._\n\n## 4.10.0\n\n### New features\n- Add `WithExtraBodyParameters` fluent API for attaching extra body parameters to token acquisition requests. 
See [#​3819](https://github.com/AzureAD/microsoft-identity-web/pull/3819).\n- Add `IConfidentialClientApplicationProvider` extensibility interface and `CachePartitionKey` support for silent token acquisition. See [#​3822](https://github.com/AzureAD/microsoft-identity-web/pull/3822).\n\n### Bug fixes\n- Redirect URI sanitization in authorization scenarios; centralize redirect URI validation in a shared helper. See [#​3825](https://github.com/AzureAD/microsoft-identity-web/pull/3825).\n- Reject dSTS-shaped `Authority` values with a clearer exception, steering users to use `Instance` + `TenantId` instead. See [#​3805](https://github.com/AzureAD/microsoft-identity-web/pull/3805).\n- Improve regex handling and adding length/timeout safeguards for SameSite User Agent. See [#​3811](https://github.com/AzureAD/microsoft-identity-web/pull/3811).\n\n### Behavior changes\n- **B2C OpenID Connect event handler: LRU cache for issuer address.** Issuer address lookups in the B2C OIDC event handler are now cached with an LRU cache, improving performance for repeated lookups. See [#​3821](https://github.com/AzureAD/microsoft-identity-web/pull/3821).\n\n### Dependencies updates\n- Update MSAL.NET to 4.84.1. See [#​3822](https://github.com/AzureAD/microsoft-identity-web/pull/3822).\n- Pin `Microsoft.Kiota.Abstractions` to 1.22.0 for GraphServiceClient. See [#​3817](https://github.com/AzureAD/microsoft-identity-web/pull/3817).\n- Bump `uuid` and `@​azure/msal-node` in SidecarAdapter TypeScript test app. See [#​3826](https://github.com/AzureAD/microsoft-identity-web/pull/3826).\n- Bump `qs` in SidecarAdapter TypeScript test app. See [#​3829](https://github.com/AzureAD/microsoft-identity-web/pull/3829).\n\nCommits viewable in [compare view](https://github.com/AzureAD/microsoft-identity-web/compare/4.9.0...4.10.0).\n\u003c/details\u003e\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/bervProject/SimplePasswordManagerService/pull/1598","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/bervProject%2FSimplePasswordManagerService/issues/1598","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1598/packages"},{"uuid":"4381132068","node_id":"PR_kwDORIP3Rs7YPhB7","number":130,"state":"open","title":"deps(nuget): Bump Microsoft.Identity.Web from 4.8.0 to 4.9.0","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-05T02:47:05.000Z","updated_at":"2026-05-06T05:37:42.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(nuget): 
Bump","packages":[{"name":"Microsoft.Identity.Web","old_version":"4.8.0","new_version":"4.9.0","repository_url":"https://github.com/AzureAD/microsoft-identity-web"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web) from 4.8.0 to 4.9.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.Identity.Web's releases](https://github.com/AzureAD/microsoft-identity-web/releases)._\n\n## 4.9.0\n\n### New features\n- **Sidecar: per-route override gating.** New `Sidecar:AllowOverrides` configuration section provides explicit, per-route control over whether `optionsOverride.*` query-string parameters are honored. Authenticated routes default to allowing overrides (preserving existing behavior); unauthenticated routes default to rejecting them. `optionsOverride.BaseUrl` is unconditionally rejected on all routes as a hardening measure. See [#​3794](https://github.com/AzureAD/microsoft-identity-web/pull/3794).\n\n### Bug fixes\n- Fix `AccountController.Challenge` redirect URI validation to reject percent-encoded protocol-relative bypasses (`%2F%2F`, `%5C%2F`, etc.) that could be decoded by misconfigured reverse proxies. See [#​3792](https://github.com/AzureAD/microsoft-identity-web/pull/3792).\n\n### Behavior changes\n- **DownstreamApi: reserved header filtering.** Headers supplied via `DownstreamApiOptions.ExtraHeaderParameters` whose names match reserved HTTP headers (`Authorization`, `Host`, `Content-Length`, `Proxy-Authorization`, `Sec-*`, `Proxy-*`, etc.) or duplicate a header the library already set are now silently skipped. A warning-level log entry (`ReservedHeaderIgnored` / `DuplicateHeaderIgnored`) is emitted so operators can spot misconfigurations. No exception is thrown. 
See [#​3793](https://github.com/AzureAD/microsoft-identity-web/pull/3793).\n\n### Dependencies updates\n- **Update Azure.Identity 1.11.4 → 1.17.2 and establish Microsoft.Extensions.\\* 8.0.x minimum on older TFMs.** Azure.Identity 1.17.2 (sovereign-cloud fixes) pulls in Azure.Core 1.50.0, which introduces a transitive dependency on `Microsoft.Extensions.DependencyInjection.Abstractions` 8.0.2 on non-framework-coupled TFMs (net462, net472, netstandard2.0). This caused a `CS0433` type collision with the previously-pinned `Microsoft.Extensions.DependencyInjection` 2.1.0. Rather than patch individual packages, the entire `Microsoft.Extensions.*` stack on these older TFMs has been bumped to 8.0.x, closing several 5-year version gaps and aligning with the net8.0 baseline. **If your application targets net462, net472, or netstandard2.0**, your resolved `Microsoft.Extensions.*` versions will increase (e.g., `Extensions.Http` 3.1.3 → 8.0.0, `Extensions.DependencyInjection` 2.1.0 → 8.0.0, `Extensions.Caching.Memory` 2.1.0/6.0.2 → 8.0.1). Applications already targeting net8.0+ are unaffected. See [#​3787](https://github.com/AzureAD/microsoft-identity-web/pull/3787).\n- Bump `System.Text.Json` 8.0.5 → 8.0.6 (CVE-2024-43485). See [#​3787](https://github.com/AzureAD/microsoft-identity-web/pull/3787).\n- Bump `Microsoft.AspNetCore.DataProtection` to 10.0.7 for CVE fix on net10.0. See [#​3796](https://github.com/AzureAD/microsoft-identity-web/pull/3796).\n- Bump `OpenTelemetry.Exporter.OpenTelemetryProtocol` 1.14.0 → 1.15.3. 
See [#​3788](https://github.com/AzureAD/microsoft-identity-web/pull/3788).\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.8.0...4.9.0\n\nCommits viewable in [compare view](https://github.com/AzureAD/microsoft-identity-web/compare/4.8.0...4.9.0).\n\u003c/details\u003e\n\n\u003c!-- Reviewable:start --\u003e\n- - -\nThis change is [\u003cimg src=\"https://reviewable.io/review_button.svg\" height=\"34\" align=\"absmiddle\" alt=\"Reviewable\"/\u003e](https://reviewable.io/reviews/PlagueHO/prompt-babbler/130)\n\u003c!-- Reviewable:end --\u003e","html_url":"https://github.com/PlagueHO/prompt-babbler/pull/130","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/PlagueHO%2Fprompt-babbler/issues/130","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/130/packages"},{"uuid":"4379896696","node_id":"PR_kwDOInX5bM7YLfWi","number":190,"state":"open","title":"Bump Microsoft.Identity.Web from 4.8.0 to 4.9.0","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-04T21:48:10.000Z","updated_at":"2026-05-04T21:51:50.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.Identity.Web","old_version":"4.8.0","new_version":"4.9.0","repository_url":"https://github.com/AzureAD/microsoft-identity-web"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web) from 4.8.0 to 4.9.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.Identity.Web's releases](https://github.com/AzureAD/microsoft-identity-web/releases)._\n\n## 4.9.0\n\n### New features\n- **Sidecar: per-route override gating.** New `Sidecar:AllowOverrides` configuration section provides explicit, 
per-route control over whether `optionsOverride.*` query-string parameters are honored. Authenticated routes default to allowing overrides (preserving existing behavior); unauthenticated routes default to rejecting them. `optionsOverride.BaseUrl` is unconditionally rejected on all routes as a hardening measure. See [#​3794](https://github.com/AzureAD/microsoft-identity-web/pull/3794).\n\n### Bug fixes\n- Fix `AccountController.Challenge` redirect URI validation to reject percent-encoded protocol-relative bypasses (`%2F%2F`, `%5C%2F`, etc.) that could be decoded by misconfigured reverse proxies. See [#​3792](https://github.com/AzureAD/microsoft-identity-web/pull/3792).\n\n### Behavior changes\n- **DownstreamApi: reserved header filtering.** Headers supplied via `DownstreamApiOptions.ExtraHeaderParameters` whose names match reserved HTTP headers (`Authorization`, `Host`, `Content-Length`, `Proxy-Authorization`, `Sec-*`, `Proxy-*`, etc.) or duplicate a header the library already set are now silently skipped. A warning-level log entry (`ReservedHeaderIgnored` / `DuplicateHeaderIgnored`) is emitted so operators can spot misconfigurations. No exception is thrown. See [#​3793](https://github.com/AzureAD/microsoft-identity-web/pull/3793).\n\n### Dependencies updates\n- **Update Azure.Identity 1.11.4 → 1.17.2 and establish Microsoft.Extensions.\\* 8.0.x minimum on older TFMs.** Azure.Identity 1.17.2 (sovereign-cloud fixes) pulls in Azure.Core 1.50.0, which introduces a transitive dependency on `Microsoft.Extensions.DependencyInjection.Abstractions` 8.0.2 on non-framework-coupled TFMs (net462, net472, netstandard2.0). This caused a `CS0433` type collision with the previously-pinned `Microsoft.Extensions.DependencyInjection` 2.1.0. Rather than patch individual packages, the entire `Microsoft.Extensions.*` stack on these older TFMs has been bumped to 8.0.x, closing several 5-year version gaps and aligning with the net8.0 baseline. 
**If your application targets net462, net472, or netstandard2.0**, your resolved `Microsoft.Extensions.*` versions will increase (e.g., `Extensions.Http` 3.1.3 → 8.0.0, `Extensions.DependencyInjection` 2.1.0 → 8.0.0, `Extensions.Caching.Memory` 2.1.0/6.0.2 → 8.0.1). Applications already targeting net8.0+ are unaffected. See [#​3787](https://github.com/AzureAD/microsoft-identity-web/pull/3787).\n- Bump `System.Text.Json` 8.0.5 → 8.0.6 (CVE-2024-43485). See [#​3787](https://github.com/AzureAD/microsoft-identity-web/pull/3787).\n- Bump `Microsoft.AspNetCore.DataProtection` to 10.0.7 for CVE fix on net10.0. See [#​3796](https://github.com/AzureAD/microsoft-identity-web/pull/3796).\n- Bump `OpenTelemetry.Exporter.OpenTelemetryProtocol` 1.14.0 → 1.15.3. See [#​3788](https://github.com/AzureAD/microsoft-identity-web/pull/3788).\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.8.0...4.9.0\n\nCommits viewable in [compare view](https://github.com/AzureAD/microsoft-identity-web/compare/4.8.0...4.9.0).\n\u003c/details\u003e\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Microsoft.Identity.Web\u0026package-manager=nuget\u0026previous-version=4.8.0\u0026new-version=4.9.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/onebeyond/onebeyond-studio-core/pull/190","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/onebeyond%2Fonebeyond-studio-core/issues/190","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/190/packages"},{"uuid":"4375621740","node_id":"PR_kwDOGUnxSc7X9U3z","number":121,"state":"open","title":"Bump Microsoft.Identity.Web from 3.1.0 to 
4.9.0","user":"dependabot[bot]","labels":["dependencies"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-04T10:02:41.000Z","updated_at":"2026-05-04T10:02:43.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.Identity.Web","old_version":"3.1.0","new_version":"4.9.0","repository_url":"https://github.com/AzureAD/microsoft-identity-web"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web) from 3.1.0 to 4.9.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.Identity.Web's releases](https://github.com/AzureAD/microsoft-identity-web/releases)._\n\n## 4.9.0\n\n### New features\n- **Sidecar: per-route override gating.** New `Sidecar:AllowOverrides` configuration section provides explicit, per-route control over whether `optionsOverride.*` query-string parameters are honored. Authenticated routes default to allowing overrides (preserving existing behavior); unauthenticated routes default to rejecting them. `optionsOverride.BaseUrl` is unconditionally rejected on all routes as a hardening measure. See [#​3794](https://github.com/AzureAD/microsoft-identity-web/pull/3794).\n\n### Bug fixes\n- Fix `AccountController.Challenge` redirect URI validation to reject percent-encoded protocol-relative bypasses (`%2F%2F`, `%5C%2F`, etc.) that could be decoded by misconfigured reverse proxies. See [#​3792](https://github.com/AzureAD/microsoft-identity-web/pull/3792).\n\n### Behavior changes\n- **DownstreamApi: reserved header filtering.** Headers supplied via `DownstreamApiOptions.ExtraHeaderParameters` whose names match reserved HTTP headers (`Authorization`, `Host`, `Content-Length`, `Proxy-Authorization`, `Sec-*`, `Proxy-*`, etc.) 
or duplicate a header the library already set are now silently skipped. A warning-level log entry (`ReservedHeaderIgnored` / `DuplicateHeaderIgnored`) is emitted so operators can spot misconfigurations. No exception is thrown. See [#​3793](https://github.com/AzureAD/microsoft-identity-web/pull/3793).\n\n### Dependencies updates\n- **Update Azure.Identity 1.11.4 → 1.17.2 and establish Microsoft.Extensions.\\* 8.0.x minimum on older TFMs.** Azure.Identity 1.17.2 (sovereign-cloud fixes) pulls in Azure.Core 1.50.0, which introduces a transitive dependency on `Microsoft.Extensions.DependencyInjection.Abstractions` 8.0.2 on non-framework-coupled TFMs (net462, net472, netstandard2.0). This caused a `CS0433` type collision with the previously-pinned `Microsoft.Extensions.DependencyInjection` 2.1.0. Rather than patch individual packages, the entire `Microsoft.Extensions.*` stack on these older TFMs has been bumped to 8.0.x, closing several 5-year version gaps and aligning with the net8.0 baseline. **If your application targets net462, net472, or netstandard2.0**, your resolved `Microsoft.Extensions.*` versions will increase (e.g., `Extensions.Http` 3.1.3 → 8.0.0, `Extensions.DependencyInjection` 2.1.0 → 8.0.0, `Extensions.Caching.Memory` 2.1.0/6.0.2 → 8.0.1). Applications already targeting net8.0+ are unaffected. See [#​3787](https://github.com/AzureAD/microsoft-identity-web/pull/3787).\n- Bump `System.Text.Json` 8.0.5 → 8.0.6 (CVE-2024-43485). See [#​3787](https://github.com/AzureAD/microsoft-identity-web/pull/3787).\n- Bump `Microsoft.AspNetCore.DataProtection` to 10.0.7 for CVE fix on net10.0. See [#​3796](https://github.com/AzureAD/microsoft-identity-web/pull/3796).\n- Bump `OpenTelemetry.Exporter.OpenTelemetryProtocol` 1.14.0 → 1.15.3. 
See [#​3788](https://github.com/AzureAD/microsoft-identity-web/pull/3788).\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.8.0...4.9.0\n\n## 4.8.0\n\n## What's Changed\n* Bump flatted from 3.3.3 to 3.4.2 in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3753\n* Update changelog.md for ID.Web 4.6.0 by @​bgavrilMS in https://github.com/AzureAD/microsoft-identity-web/pull/3756\n* Add token binding to MicrosoftIdentityMessageHandler by @​cpp11nullptr in https://github.com/AzureAD/microsoft-identity-web/pull/3743\n* Bump picomatch in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3759\n* Documentation: Clarify managed identity credential types for containerized vs. VM/App Service deployments by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3585\n* Bump path-to-regexp from 8.3.0 to 8.4.0 in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3762\n* Upgrade Microsoft Application Insights packages by @​RojaEnnam in https://github.com/AzureAD/microsoft-identity-web/pull/3763\n* Use Abstractions 12 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3761\n* Post-4.7.0 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3768\n* Fix Comp Gov DOTNET-Security-10.0 by @​reginayap8 in https://github.com/AzureAD/microsoft-identity-web/pull/3769\n* Upgrade CodeQL to V4: Fix 10 CodeQL Analysis Warnings and Errors by @​reginayap8 in https://github.com/AzureAD/microsoft-identity-web/pull/3770\n* fix warnings by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3771\n* adding examples for using postgres as a distributed cache by @​JaredMSFT in https://github.com/AzureAD/microsoft-identity-web/pull/3766\n* Suppress AOT configuration-binding SYSLIB warnings in 
AotCompatibility test app by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3774\n* Bump vite from 7.1.11 to 7.3.2 in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3772\n* Skip legacy B2C local-account Todo UI test in WebAppUiTests by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3778\n* Fix initialization of ConfidentialClientApplicationOptions in MergedOptions by @​cpp11nullptr in https://github.com/AzureAD/microsoft-identity-web/pull/3760\n* Bump net8/net9/net10 runtime package baselines to patched crypto servicing versions by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3779\n* Fix flaky certificate test failures on CI by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3780\n* MTLS Without Tokens Support by @​tlupes in https://github.com/AzureAD/microsoft-identity-web/pull/3747\n* Fix CredentialsProvider DI lifetime mismatch causing startup crash in Development by @​Avery-Dunn in https://github.com/AzureAD/microsoft-identity-web/pull/3783\n* Remove unused DataProtection configuration from Sidecar by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3776\n\n## New Contributors\n* @​RojaEnnam made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3763\n* @​reginayap8 made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3769\n* @​JaredMSFT made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3766\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.6.0...4.8.0\n\n## 4.7.0\n\n## 4.7.0\n\n### Bug fixes\n- Updates to Microsoft.Identity.Abstractions 12.0.0 to revert breaking changes introduced in Abstractions 11.0.0. (On .NET 10 target, `Certificate` extension method in `CredentialDescription` was reverted to normal property.) 
See [#​3767](https://github.com/AzureAD/microsoft-identity-web/pull/3767).\n\n## 4.6.0\n\n## What's Changed\n\n* Move boilerplate code skills to IdWeb, and add Aspire DevApp demonstrating Blazor authentication components by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3721\n* Bump MSAL to 4.83.1 and re-enable Managed Identity CAE tests by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3746\n* Bump Abstractions to 11.2 by @​bgavrilMS in https://github.com/AzureAD/microsoft-identity-web/pull/3749\n* Update documentation to reference Blazor helpers from Microsoft.Identity.Web package by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3723\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.5.0...4.6.0\n\n## 4.5.0\n\n### New features\n- Add support for certificate store lookup by subject name. See [#​3742](https://github.com/AzureAD/microsoft-identity-web/pull/3742).\n\n### Dependencies updates\n- Bump minimatch in /tests/DevApps/SidecarAdapter/typescript. See [#​3739](https://github.com/AzureAD/microsoft-identity-web/pull/3739).\n- Bump rollup from 4.52.3 to 4.59.0 in /tests/DevApps/SidecarAdapter/typescript. See [#​3740](https://github.com/AzureAD/microsoft-identity-web/pull/3740).\n\n## 4.4.0\n\n### New features\n- Add AOT-compatible web API authentication for .NET 10+. See [#​3705](https://github.com/AzureAD/microsoft-identity-web/pull/3705) and [#​3664](https://github.com/AzureAD/microsoft-identity-web/pull/3664).\n- Propagate long-running web API session key back to callers in user token acquisition. See [#​3728](https://github.com/AzureAD/microsoft-identity-web/pull/3728).\n- Add OBO event initialization for OBO APIs. See [#​3724](https://github.com/AzureAD/microsoft-identity-web/pull/3724).\n- Add support for calling `WithClientClaims` flow for token acquisition. 
See [#​3623](https://github.com/AzureAD/microsoft-identity-web/pull/3623).\n- Add `OnBeforeTokenAcquisitionForOnBehalfOf` event. See [#​3680](https://github.com/AzureAD/microsoft-identity-web/pull/3680).\n\n### Bug fixes\n- Throw `InvalidOperationException` with actionable message when a custom credential is not registered. See [#​3626](https://github.com/AzureAD/microsoft-identity-web/pull/3626).\n- Fix event firing for `InvokeOnBeforeTokenAcquisitionForOnBehalfOfAsync`. See [#​3717](https://github.com/AzureAD/microsoft-identity-web/pull/3717).\n- Update `OnBeforeTokenAcquisitionForOnBehalfOf` to construct `ClaimsPrincipal` from token. See [#​3714](https://github.com/AzureAD/microsoft-identity-web/pull/3714).\n- Add a retry counter for acquire token and updated tests with a fake secret. See [#​3682](https://github.com/AzureAD/microsoft-identity-web/pull/3682).\n- Fix OBO user error handling. See [#​3712](https://github.com/AzureAD/microsoft-identity-web/pull/3712).\n- Fix override merging for app token (and others). See [#​3644](https://github.com/AzureAD/microsoft-identity-web/pull/3644).\n- Fix certificate reload logic to only trigger on certificate-specific errors. See [#​3653](https://github.com/AzureAD/microsoft-identity-web/pull/3653).\n- Update ROPC flow CCA to pass `SendX5C` to MSAL. See [#​3671](https://github.com/AzureAD/microsoft-identity-web/pull/3671).\n\n### Dependencies updates\n- Bump `qs` in `/tests/DevApps/SidecarAdapter/typescript`. See [#​3725](https://github.com/AzureAD/microsoft-identity-web/pull/3725).\n- Downgrade Microsoft.Extensions.Configuration.Binder to 2.1.0 on .NET Framework. See [#​3730](https://github.com/AzureAD/microsoft-identity-web/pull/3730).\n- Update .NET SDK to 10.0.103 to address DOTNET-Security-10.0 vulnerability. See [#​3726](https://github.com/AzureAD/microsoft-identity-web/pull/3726).\n- Upgrade to Microsoft.Identity.Abstractions 11 for AoT compatibility. 
See [#​3699](https://github.com/AzureAD/microsoft-identity-web/pull/3699).\n- Update to MSAL 4.81.0. See [#​3665](https://github.com/AzureAD/microsoft-identity-web/pull/3665).\n\n### Documentation\n- Add documentation for auto-generated session key for long-running OBO session. See [#​3729](https://github.com/AzureAD/microsoft-identity-web/pull/3729).\n- Improve the Aspire doc article and skills. See [#​3695](https://github.com/AzureAD/microsoft-identity-web/pull/3695).\n- Add an article and agent skill to add Entra ID to an Aspire app. See [#​3689](https://github.com/AzureAD/microsoft-identity-web/pull/3689).\n- Fix misleading comment in `CertificatelessOptions.ManagedIdentityClientId`. See [#​3667](https://github.com/AzureAD/microsoft-identity-web/pull/3667).\n- Add Copilot explore tool functionality. See [#​3694](https://github.com/AzureAD/microsoft-identity-web/pull/3694).\n\n### Fundamentals\n- Remove unnecessary warning suppression. See [#​3715](https://github.com/AzureAD/microsoft-identity-web/pull/3715).\n- Migrate labs to Lab.API 2.x (first pass). See [#​3710](https://github.com/AzureAD/microsoft-identity-web/pull/3710).\n- Update Sidecar E2E test constants. See [#​3693](https://github.com/AzureAD/microsoft-identity-web/pull/3693).\n- Fix intermittent failures in `CertificatesObserverTests`. See [#​3687](https://github.com/AzureAD/microsoft-identity-web/pull/3687).\n- Add validation baseline exclusions. See [#​3684](https://github.com/AzureAD/microsoft-identity-web/pull/3684).\n- Add dSTS integration tests. See [#​3677](https://github.com/AzureAD/microsoft-identity-web/pull/3677).\n- Fix FIC test. See [#​3663](https://github.com/AzureAD/microsoft-identity-web/pull/3663).\n- Update IdentityWeb version, build logic, and validation. 
See [#​3659](https://github.com/AzureAD/microsoft-identity-web/pull/3659).\n\n### New Contributors\n* @​XiaoxinMS2 made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3677\n* @​RyAuld made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3687\n* @​agocke made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3664\n* @​MZOLN made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3700\n* @​christian-posta made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3644\n* @​4gust made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3682\n* @​rayluo made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3714\n\n## 4.4.0-preview.1\n\n### New features\n- Add AOT-compatible web API authentication for .NET 10+. See [#​3705](https://github.com/AzureAD/microsoft-identity-web/pull/3705) and [#​3664](https://github.com/AzureAD/microsoft-identity-web/pull/3664).\n- Propagate long-running web API session key back to callers in user token acquisition. See [#​3728](https://github.com/AzureAD/microsoft-identity-web/pull/3728).\n- Add OBO event initialization for OBO APIs. See [#​3724](https://github.com/AzureAD/microsoft-identity-web/pull/3724).\n- Add support for calling `WithClientClaims` flow for token acquisition. See [#​3623](https://github.com/AzureAD/microsoft-identity-web/pull/3623).\n- Add `OnBeforeTokenAcquisitionForOnBehalfOf` event. See [#​3680](https://github.com/AzureAD/microsoft-identity-web/pull/3680).\n\n### Bug fixes\n- Throw `InvalidOperationException` with actionable message when a custom credential is not registered. See [#​3626](https://github.com/AzureAD/microsoft-identity-web/pull/3626).\n- Fix event firing for `InvokeOnBeforeTokenAcquisitionForOnBehalfOfAsync`. 
See [#​3717](https://github.com/AzureAD/microsoft-identity-web/pull/3717).\n- Update `OnBeforeTokenAcquisitionForOnBehalfOf` to construct `ClaimsPrincipal` from token. See [#​3714](https://github.com/AzureAD/microsoft-identity-web/pull/3714).\n- Add a retry counter for acquire token and updated tests with a fake secret. See [#​3682](https://github.com/AzureAD/microsoft-identity-web/pull/3682).\n- Fix OBO user error handling. See [#​3712](https://github.com/AzureAD/microsoft-identity-web/pull/3712).\n- Fix override merging for app token (and others). See [#​3644](https://github.com/AzureAD/microsoft-identity-web/pull/3644).\n- Fix certificate reload logic to only trigger on certificate-specific errors. See [#​3653](https://github.com/AzureAD/microsoft-identity-web/pull/3653).\n- Update ROPC flow CCA to pass `SendX5C` to MSAL. See [#​3671](https://github.com/AzureAD/microsoft-identity-web/pull/3671).\n\n### Dependencies updates\n- Bump `qs` in `/tests/DevApps/SidecarAdapter/typescript`. See [#​3725](https://github.com/AzureAD/microsoft-identity-web/pull/3725).\n- Downgrade Microsoft.Extensions.Configuration.Binder to 2.1.0 on .NET Framework. See [#​3730](https://github.com/AzureAD/microsoft-identity-web/pull/3730).\n- Update .NET SDK to 10.0.103 to address DOTNET-Security-10.0 vulnerability. See [#​3726](https://github.com/AzureAD/microsoft-identity-web/pull/3726).\n- Upgrade to Microsoft.Identity.Abstractions 11 for AoT compatibility. See [#​3699](https://github.com/AzureAD/microsoft-identity-web/pull/3699).\n- Update to MSAL 4.81.0. See [#​3665](https://github.com/AzureAD/microsoft-identity-web/pull/3665).\n\n### Documentation\n- Add documentation for auto-generated session key for long-running OBO session. See [#​3729](https://github.com/AzureAD/microsoft-identity-web/pull/3729).\n- Improve the Aspire doc article and skills. 
See [#​3695](https://github.com/AzureAD/microsoft-identity-web/pull/3695).\n- Add an article and agent skill to add Entra ID to an Aspire app. See [#​3689](https://github.com/AzureAD/microsoft-identity-web/pull/3689).\n- Fix misleading comment in `CertificatelessOptions.ManagedIdentityClientId`. See [#​3667](https://github.com/AzureAD/microsoft-identity-web/pull/3667).\n- Add Copilot explore tool functionality. See [#​3694](https://github.com/AzureAD/microsoft-identity-web/pull/3694).\n\n### Fundamentals\n- Remove unnecessary warning suppression. See [#​3715](https://github.com/AzureAD/microsoft-identity-web/pull/3715).\n- Migrate labs to Lab.API 2.x (first pass). See [#​3710](https://github.com/AzureAD/microsoft-identity-web/pull/3710).\n- Update Sidecar E2E test constants. See [#​3693](https://github.com/AzureAD/microsoft-identity-web/pull/3693).\n- Fix intermittent failures in `CertificatesObserverTests`. See [#​3687](https://github.com/AzureAD/microsoft-identity-web/pull/3687).\n- Add validation baseline exclusions. See [#​3684](https://github.com/AzureAD/microsoft-identity-web/pull/3684).\n- Add dSTS integration tests. See [#​3677](https://github.com/AzureAD/microsoft-identity-web/pull/3677).\n- Fix FIC test. See [#​3663](https://github.com/AzureAD/microsoft-identity-web/pull/3663).\n- Update IdentityWeb version, build logic, and validation. See [#​3659](https://github.com/AzureAD/microsoft-identity-web/pull/3659).\n\n## 4.3.0\n\n### New features\n- Added token binding (mTLS PoP) scenario for confidential client (app-only) token acquisition and downstream API calls. See [#​3622](https://github.com/AzureAD/microsoft-identity-web/pull/3622).\n\n### Dependencies updates\n- Bumped **qs** from 6.14.0 to 6.14.1 in /tests/DevApps/SidecarAdapter/typescript. 
See [#​3660](https://github.com/AzureAD/microsoft-identity-web/pull/3660).\n\n### Documentation\n- Modernized Identity Web documentation, which can now be found in [docs](https://github.com/AzureAD/microsoft-identity-web/tree/master/docs). See [#​3566](https://github.com/AzureAD/microsoft-identity-web/pull/3566).\n- Added token binding (mTLS PoP) documentation. See [#​3661](https://github.com/AzureAD/microsoft-identity-web/pull/3661).\n\n## 4.2.0\n\n# What's Changed\n\n## New features\n\n- Added CAE claims support for FIC + Managed Identity. See #​3647 for details.\n- Added AddMicrosoftIdentityMessageHandler extension methods for IHttpClientBuilder. See #​3649 for details.\n\n## Bug fixes\n\n\n- Fixed tenant not being propagated in credential FIC acquisition. See #​3633 for details.\n- Fixed ForAgentIdentity hardcoded 'AzureAd' ConfigurationSection to respect AuthenticationOptionsName. See #​3635 for details.\n- Fixed GetTokenAcquirer to propagate MicrosoftEntraApplicationOptions properties. See #​3651 for details.\n- Added meaningful error message when identity configuration is missing. See #​3637 for details.\n\n## Dependencies updates\n\n- Update Microsoft.Identity.Abstractions to version 10.0.0.\n- Bump express from 5.1.0 to 5.2.0 in /tests/DevApps/SidecarAdapter/typescript. #​3636\n- Bump jws from 3.2.2 to 3.2.3 in /tests/DevApps/SidecarAdapter/typescript. #​3641\n\n## Fundamentals\n\n- Update support policy. #​3656\n- Update agent identity coordinates in E2E tests after deauth. #​3640\n- Update E2E agent identity configuration to new tenant. #​3646\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.1.1...4.2.0\n\n## 4.1.1\n\n### Bug fixes\n- Authority-only configuration parsing improvements: Early parsing of Authority into Instance/TenantId and defensive fallback in PrepareAuthorityInstanceForMsal. 
Behavior is backward compatible; Authority is still ignored when Instance/TenantId explicitly provided—now surfaced via a warning. See [#​3612](https://github.com/AzureAD/microsoft-identity-web/issues/3612).\n\n### New features\n- Added warning diagnostics for conflicting Authority vs Instance/TenantId: Emitting a single structured warning when both styles are provided. See [#​3611](https://github.com/AzureAD/microsoft-identity-web/issues/3611).\n\n### Fundamentals\n- Expanded authority test matrix: Coverage for AAD (v1/v2), B2C (/tfp/ normalization, policy path), CIAM (PreserveAuthority), query parameters, scheme-less forms, and conflict scenarios. See [#​3610](https://github.com/AzureAD/microsoft-identity-web/issues/3610).\n\n## 4.1.0\n\n### New features\n- Migrate to .NET 10 GA. [#​3449](https://github.com/AzureAD/microsoft-identity-web/pull/3449) and [#​3590](https://github.com/AzureAD/microsoft-identity-web/pull/3590)\n\n### Dependencies updates\n- Bump MSAL.NET to version [4.79.2](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/releases/tag/4.79.2) and handle changes to deprecated WithExtraQueryParameters APIs. [#​3583](https://github.com/AzureAD/microsoft-identity-web/pull/3583)\n- Update Microsoft.IdentityModel and Abstractions versions. [#​3604](https://github.com/AzureAD/microsoft-identity-web/pull/3604)\n- Update coverlet.collector to 6.0.4. [#​3587](https://github.com/AzureAD/microsoft-identity-web/pull/3587)\n- Update package validation baseline version to 4.0.0. [#​3589](https://github.com/AzureAD/microsoft-identity-web/pull/3589)\n- Bump js-yaml from 4.1.0 to 4.1.1 in /tests/DevApps/SidecarAdapter/typescript. [#​3595](https://github.com/AzureAD/microsoft-identity-web/pull/3595)\n\n### Entra ID SDK sidecar\n- Restrict hosts to localhost for sidecar. [#​3579](https://github.com/AzureAD/microsoft-identity-web/pull/3579)\n- Update http file to match endpoints. 
[#​3555](https://github.com/AzureAD/microsoft-identity-web/pull/3555)\n- Revise sidecar issue template for Entra ID. [#​3577](https://github.com/AzureAD/microsoft-identity-web/pull/3577)\n\n### Documentation\n- Update README to include Entra SDK container info. [#​3578](https://github.com/AzureAD/microsoft-identity-web/pull/3578)\n\n### Fundamentals\n- Include NET 9.0 in template-install-dependencies. [#​3593](https://github.com/AzureAD/microsoft-identity-web/pull/3593)\n- Fix CodeQL alerts. [#​3591](https://github.com/AzureAD/microsoft-identity-web/pull/3591)\n- Suppression file is needed. [#​3592](https://github.com/AzureAD/microsoft-identity-web/pull/3592)\n\n## 4.0.1\n\n## Bug fixes\n* Correctly compute Application Key when credential usage fails.\n* Fix bugs where agent user identities didn't work with non-default authentication schemes.\n\n## Fundamentals\n* Update .net version to CG compliance \n\n## Sidecar\n* Configure Sidecar to default AllowWebApiToBeAuthorizedByACL to true as the container doesn't do authZ\n\n\n## 4.0.0\n\n4.0.0\n=========\n### Breaking Changes\n**Removed support for .NET 6.0 and .NET 7.0** - Microsoft Identity Web 4.0.0 no longer targets .NET 6.0 and .NET 7.0, following Microsoft's support lifecycle. The supported target frameworks are now .NET 8.0, .NET 9.0, .NET Framework 4.6.2, .NET Framework 4.7.2, and .NET Standard 2.0.\n\nSee [MIGRATION_GUIDE_V4](https://github.com/AzureAD/microsoft-identity-web/blob/master/MIGRATION_GUIDE_V4.md)\n\n\n### New features\n- Various improvements to performance logging, authentication, and credential loading capabilities.\n- Bumped MSAL.NET to 4.77.1\n- Added credential description extensibility. For details, see [#​3487](https://github.com/AzureAD/microsoft-identity-web/pull/3487)\n- Added a new CerticateObserverAction type: SuccessfullyUsed and support for multiple certificate observers for improved certificate lifecycle management and telemetry. 
See [#​3505](https://github.com/AzureAD/microsoft-identity-web/pull/3505)\n- Add specification of OID (in addition to upn) when requesting an authorization header for Agent User Identity. See [#​3513](https://github.com/AzureAD/microsoft-identity-web/pull/3513)\n- Added ClaimsPrincipal and ClaimsIdentity extension methods for agent identity detection in web APIs enabling developers to easily detect agent identities and retrieve parent agent blueprint from token claims. See [#​3515](https://github.com/AzureAD/microsoft-identity-web/pull/3515)\n- Added MicrosoftIdentityMessageHandler for flexible HttpClient authentication. Provides composable alternative to DownstreamApi with per-request authentication configuration. Supports WWW-Authenticate challenge handling. See [#​3503](https://github.com/AzureAD/microsoft-identity-web/pull/3503)\n- Support for multiple certificate observers. See [#​3506](https://github.com/AzureAD/microsoft-identity-web/pull/3506)\n- The Microsoft.Identity.Web.Sidecar will provide a container solution for validation and token acquisition in any-language. See [#​3524](https://github.com/AzureAD/microsoft-identity-web/pull/3524)\n\n### Bug Fixes\n- Fixed TokenAcquirerFactory null reference when AppContext.BaseDirectory is root path. See [#​3443](https://github.com/AzureAD/microsoft-identity-web/pull/3443)\n- Fixed IDW10405 error when using managed identity with common tenant. See [#​3415](https://github.com/AzureAD/microsoft-identity-web/pull/3415)\n- Removed hard dependency on IConfiguration in OidcIdpSignedAssertionLoader. See [#​3414](https://github.com/AzureAD/microsoft-identity-web/pull/3414)\n\n### Fundamentals\n- Various improvements to .NET support and dependency optimizations.\n- Added doc for Agent identities. See [Agent identities](src/Microsoft.Identity.Web.AgentIdentities/README.AgentIdentities.md)\n- Combined and fixed test collections. 
See [#​3472](https://github.com/AzureAD/microsoft-identity-web/pull/3472)\n- Migrate repository agent rules from .clinerules to agents.md. See [#​3475](https://github.com/AzureAD/microsoft-identity-web/pull/3475)\n- Add .NET 6.x setup step to dotnetcore.yml workflow, as the default build agents don't have it any longer. See [#​3489](https://github.com/AzureAD/microsoft-identity-web/pull/3489)\n- Renamed NET 7 tests to ThreadingTests for framework independence. See [#​3501](https://github.com/AzureAD/microsoft-identity-web/pull/3501)\n\n\n## 3.14.1\n\n3.14.1\n=======\n\n## Bug fix\n-  Support client secrets with agent user identities. See [#​3470](https://github.com/AzureAD/microsoft-identity-web/issues/3470) for details.\n\n\n\n3.14.0\n=======\n## New features\n- Support multi-tenant agent user identities. See [#​3461](https://github.com/AzureAD/microsoft-identity-web/issues/3461) for details.\n- Id Web now allows for passing of ExtraBodyParameters. See [#​3463](https://github.com/AzureAD/microsoft-identity-web/issues/3463) for details.\n\n\n## 3.13.1\n\n3.13.1\n=======\n### Dependencies updates\n- Microsoft.IdentityModel updated to version [8.14.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.14.0).\n\n## 3.13.0\n\n3.13.0\n=======\n### Dependencies updates\n- Microsoft.IdentityModel updated to version [8.13.1](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.13.1).\n- Microsoft.Abstractions updated to version [9.3.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/9.3.) and using IAuthenticationSchemeInformationProvider from that library, deprecating the interface of the same name in Microsoft.Identity.Web (introduced in 3.12.0).\n\n### Bug fixes\n- Fixed an issue with instantiation of TokenAcquirerFactory when AppContext.BaseDirectory is root path. 
See PR [#​3443](https://github.com/AzureAD/microsoft-identity-web/pull/3443) for details.\n\n### Fundamentals\n- Use cloud user in tests. See PR [#​3441](https://github.com/AzureAD/microsoft-identity-web/pull/3441) and [#​3442](https://github.com/AzureAD/microsoft-identity-web/pull/3442) for details.\n\n\n## 3.12.0\n\n3.12.0\n=======\n### Dependencies updates\n- Updated MSAL to version 4.74.1 part of [#​3398](https://github.com/AzureAD/microsoft-identity-web/pull/3435).\n\n## Bug fix\nReload certificates for all client credential based issues to solve the issue that when a bad certificate was installed on the machine and picked up, and subsequently rotated, a service restart was needed for the new certificate to be used. See issue [#​3429](https://github.com/AzureAD/microsoft-identity-web/issues/3429) and PR [#​3430](https://github.com/AzureAD/microsoft-identity-web/pull/3430) \n\n## New features\n* Include the thrown exception in CertificateChangeEventArg. See PR [#​3428](https://github.com/AzureAD/microsoft-identity-web/pull/3428) for better supportability.\n* Support for Agent User identities. See PR [#​3435](https://github.com/AzureAD/microsoft-identity-web/pull/3435)\n\n\n\n\n## 3.11.0\n\n3.11.0\n=======\n### Dependencies updates\n- Updated `global.json` to the latest .NET 9 runtime framework 9.0.108. See PR [#​3422](https://github.com/AzureAD/microsoft-identity-web/pull/3422) for details.\n\n### Bug fixes\n- Fix `IDW10405` error when using managed identity with common tenant. See PR [#​3415](https://github.com/AzureAD/microsoft-identity-web/pull/3415) for details.\n- Fix `OidcIdpSignedAssertionLoader` to remove hard dependency on IConfiguration registration. See PR [#​3414](https://github.com/AzureAD/microsoft-identity-web/pull/3414) for details.\n\n### New feature\n- Add support for `ExtraHeaderParameters` and `ExtraQueryParameters` properties on `DownstreamApiOptions` to simplify adding custom headers and query parameters to downstream API requests. 
See PR [#​3413](https://github.com/AzureAD/microsoft-identity-web/pull/3413) for details.\n- Add better support for Azure SDK. For details see [Readme-Azure](./src/Microsoft.Identity.Web.Azure/README-Azure.md) and PR [#​3416](https://github.com/AzureAD/microsoft-identity-web/pull/3416)\n\n## What's Changed\n* Update Abstractions version and the public API files after 3.10.0 release by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3407\n* Update Directory.Build.props by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3404\n* Fix IDW10405 error when using managed identity with common tenant by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3415\n* Add ExtraHeaderParameters and ExtraQueryParameters support to DownstreamApi by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3413\n* Fix OidcIdpSignedAssertionLoader to remove hard dependency on IConfiguration registration by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3414\n* Update global.json by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3422\n* Improved experience for Azure SDKs with Microsoft Identity Platform authentication by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3416\n* Update 3.11 changelog by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3423\n* update test certs by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3424\n\n## New Contributors\n* @​Copilot made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3415\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.10.0...3.11.0\n\n## 3.10.0\n\n3.10.0\n=======\n### Dependencies updates\n- Updated MSAL to version 4.73.1 ([#​3398](https://github.com/AzureAD/microsoft-identity-web/pull/3398)).\n- Updated `global.json` to the latest .NET 9 runtime framework 9.0.107 
([#​3385](https://github.com/AzureAD/microsoft-identity-web/pull/3385)).\n\n### New feature\n- Added support for Agent Identities ([#​3396](https://github.com/AzureAD/microsoft-identity-web/issues/3396), [#​3402](https://github.com/AzureAD/microsoft-identity-web/pull/3402)).  \n  introducing the `Microsoft.Identity.Web.AgentIdentities` package .\n\n### Bug fixes\n- Processed codeQL issues\n\n### Fundamentals\n- improved unit tests for OidcFic with the new SignedAssertionFmiPath\n\n## 3.9.4\n\n3.9.4\n=======\n### Package updates\n- Microsoft.IdentityModel updated to version [8.12.1](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.12.1).\n\n### Bug fix\n- Updates the `DefaultAuthorizationHeaderProvider` to update the `AcquireTokenOptions.LongRunningWebApiSessionKey` after the token is acquired so that the key can be used in the next OBO call. See PR [#​3381](https://github.com/AzureAD/microsoft-identity-web/pull/3381) for details.\n\n### Fundamentals\n- Update .NET SDK version to 9.0.107 used when building or running the code. See [#​3385](https://github.com/AzureAD/microsoft-identity-web/pull/3385) for details.\n- Improved test coverage for managed identity flows. 
See [#​3350](https://github.com/AzureAD/microsoft-identity-web/pull/3350) for details.\n\n## What's Changed\n* Add Claims and Capability Support to Managed Identity Flows by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3350\n* Adding fix for OBO cache key error in long running OBO with DefaultAuthorizationHeaderProvider by @​trwalke in https://github.com/AzureAD/microsoft-identity-web/pull/3381\n* Update global.json by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3385\n* changelog 3.9.4 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3386\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.9.3...3.9.4\n\n## 3.9.3\n\n3.9.3\n=======\n### Package updates\n- Microsoft.IdentityModel updated to version [8.12.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.12.0).\n\n### Fundamentals\n- Add `.clinerules` to help with AI tooling.\n- **Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0**  Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added).  
For details see [#​3379](https://github.com/AzureAD/microsoft-identity-web/pull/3379)\n\n## What's Changed\n* Update M.IM 8.11 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3373\n* add ai assist rules by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3376\n* Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3379\n* changelog 3.9.3 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3380\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.9.2...3.9.3\n\n## 3.9.2\n\n3.9.2\n=======\n### Package updates\n- Microsoft.IdentityModel updated to version [8.11.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.11.0).\n- MSAL.NET updated to version [MSAL.NET 4.72.1](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/tag/4.72.1).\n\n### Fundamentals:\n- Fix invalid comparisons in prop and csproj files. For details see [#​3297](https://github.com/AzureAD/microsoft-identity-web/pull/3297).\n\n## What's Changed\n* Release notes and cleanup by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3367\n* Remove invalid comparisons by @​keegan-caruso in https://github.com/AzureAD/microsoft-identity-web/pull/3368\n* update to MSAL 4.72.1 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3369\n* update 3.9.2 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3372\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.9.1...3.9.2\n\n## 3.9.1\n\n3.9.1\n========\n### Package updates\n- Microsoft.Identity.Abstractions updated to version [9.1.0](https://github.com/AzureAD/azure-identity-abstractions/releases/tag/9.1.0).\n\n### Fundamentals\n- Fix AoT warnings. 
For details see [#​3366](https://github.com/AzureAD/microsoft-identity-web/pull/3366).\n\n## What's Changed\n* Fix AoT warnings (and update to Abstractions 9.1.0) by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3366\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.9.0...3.9.1\n\n## 3.9.0\n\n3.9.0\n========\n### Package updates\n- Microsoft.IdentityModel updated to version [8.10.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.10.0).\n- MSAL.NET updated to version [MSAL.NET 4.72.0](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/tag/4.72.0).\n\n### Bug fixes\n- Fixed issue where RequiredScopeOrAppPermission extension method didn’t work with Minimal APIs. See [#​3323](https://github.com/AzureAD/microsoft-identity-web/issues/3323).\n- Resolved IL warnings from AddDownstreamApis in NativeAOT projects. See [#​3355](https://github.com/AzureAD/microsoft-identity-web/issues/3360).\n- Ensured AcquireTokenForConfidentialClient correctly passes MSAL exceptions. See [#​3345](https://github.com/AzureAD/microsoft-identity-web/issues/3345).\n- Prevented null reference when accessing MergedOptions instance. See [#​3337](https://github.com/AzureAD/microsoft-identity-web/issues/3337).\n\n### New feature\n - Added optional login_hint and domain_hint support to AccountController.SignIn endpoint. See [#​3244](https://github.com/AzureAD/microsoft-identity-web/issues/3244) and [#​3348](https://github.com/AzureAD/microsoft-identity-web/pull/3348/files).\n\n### Fundamentals\n- Introduced Long-Term Support (LTS) policy. See [#​3357](https://github.com/AzureAD/microsoft-identity-web/commit/b6ff65bb4f49289c914100c3a382fa16da2b5508).\n- Added tests to validate xms_cc (client capability) forwarding in CCA flows. 
See [#​3349](https://github.com/AzureAD/microsoft-identity-web/issues/3349).\n\n### External contributions\nThank you @​evan-buss for your contribution and fixing the issue where RequiredScopeOrAppPermission extension method didn’t work with Minimal APIs. See [#​3323](https://github.com/AzureAD/microsoft-identity-web/issues/3323).\nThank you @​neha-bhargava for your contribution and ensuring AcquireTokenForConfidentialClient correctly passes MSAL exceptions. See [#​3345](https://github.com/AzureAD/microsoft-identity-web/issues/3345).\n\n## 3.8.4\n\n3.8.4\n========\n### Package updates\n- Microsoft.IdentityModel updated to version [8.8.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.8.0).\n- MSAL.NET updated to version [MSAL.NET 4.71.0](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/tag/4.71.0).\n\n### Bug fixes\n- Fixed the issue where FmiPath was not persisted when copying/reinitializing AcquireTokenOptions. See [#​3336](https://github.com/AzureAD/microsoft-identity-web/issues/3336).\n\n### New feature\n- Added support for Linux-friendly devcontainers. See [#​3333](https://github.com/AzureAD/microsoft-identity-web/issues/3333) and [#​3339](https://github.com/AzureAD/microsoft-identity-web/pull/3339).\n\n### Fundamentals\n- Removed System.Text.Json as an explicit dependency for .NET Core targets. See [#​3331](https://github.com/AzureAD/microsoft-identity-web/issues/3331).\n\n## 3.8.3\n\n3.8.3\n========\n### Package updates\n- Updated to Microsoft.IdentityModel.* [8.8.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.8.0)\n- Updated to [MSAL.NET 4.70.1](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/tag/4.70.1)\n  \n### New feature\n- `TokenAcquistion.cs` adds its service provider to the acquisition options. 
See issue [#​3315](https://github.com/AzureAD/microsoft-identity-web/issues/3315) for details.\n\n\n## 3.8.2\n\n3.8.2\n========\n- Updated to Microsoft.Identity.Abstractions [9.0.0](https://github.com/AzureAD/microsoft-identity-abstractions-for-dotnet/releases/tag/9.0.0)\n\n### New feature\n- An exception is now thrown if MSAL `TokenCacheNotificationArgs` indicates that distributed cache is configured when it should not have been. See [#​3304](https://github.com/AzureAD/microsoft-identity-web/issues/3304).\n- Added support for federated identity credentials with AT_POP. See [#​3299](https://github.com/AzureAD/microsoft-identity-web/pull/3299).\n\n## 3.8.1\n\n### New features\n- Updated to Microsoft.IdentityModel.* [8.7.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.7.0)\n\n### Bug fixes\n- Pins Microsoft.Extensions.Http dependency version to 3.1.3 for .NET Framework and .NET Standard and uses inbox version for .NET Core. See [#​3145](https://github.com/AzureAD/microsoft-identity-web/issues/3145).\n\n## What's Changed\n* Post release cleanup by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3291\n* update MIM by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3292\n* Updates CodeQL.yaml to exclude test files by @​sruke in https://github.com/AzureAD/microsoft-identity-web/pull/3294\n* Make Microsoft.Extensions.Http dependency framework friendly by @​ksaaf in https://github.com/AzureAD/microsoft-identity-web/pull/3296\n* Update to IdentityModel 8.7.0 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3307\n\n## New Contributors\n* @​ksaaf made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3296\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.8.0...3.8.1\n\n## 3.8.0\n\n3.8.0\n========\n### New feature\n- Updated to Microsoft.IdentityModel.* 
[8.6.1](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.6.1)\n- Updated to [MSAL.NET](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet) 4.69.1\n- Updated the Json Schema to include extensibility for signed assertion providers. See [#​3235](https://github.com/AzureAD/microsoft-identity-web/pull/3235)\n- Added support for Federation Identity Credential on any OIDC Idp (FIC+OIDC credential provider). See [#​3255](https://github.com/AzureAD/microsoft-identity-web/pull/3255)\n- Support for acquiring token for Federation Managed Identity (FMI). Supports the `FmiPath` property of `AcquireTokenOptions`. See [#​3247](https://github.com/AzureAD/microsoft-identity-web/issues/3247)\n- Downstream APIs now support Authorization headers with a custom SAML bearer syntax. See [#​3273](https://github.com/AzureAD/microsoft-identity-web/pull/3273)\n\n## Bug fixes\n- TokenAcquirerFactory is now thread safe. See [#​3274](https://github.com/AzureAD/microsoft-identity-web/pull/3274)\n- Fix a bug in the parsing of the token in the authority. See [#​3261](https://github.com/AzureAD/microsoft-identity-web/pull/3261)\n\n## Fundamentals\n- Removed old Blazorwasm sample, wasm-tools and added new blazor web API: [#​3259](https://github.com/AzureAD/microsoft-identity-web/pull/3259), [#​3257](https://github.com/AzureAD/microsoft-identity-web/pull/3257), [#​3254](https://github.com/AzureAD/microsoft-identity-web/pull/3254)\n- Modified the build so that, in CI/CD internal builds, the NuGet.org NuGet source is replaced by a managed NuGet source. More verbose information added. See [#​3263](https://github.com/AzureAD/microsoft-identity-web/pull/3263)\n- Fixed CS8602 Warnings in Weather.razor (BlazorApp) – Handle Nullable forecasts and user.Identity. 
See [#​3266](https://github.com/AzureAD/microsoft-identity-web/pull/3266),\n\n## What's Changed\n* Update changelog.md by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3246\n* Lozensky/add fmi path by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3247\n* Lozensky/perf fix graph service client by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3251\n* M.IM 8.6.0 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3252\n* Jennyf/blazor prototype by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3254\n* remove old blazor apps by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3257\n* Remove step for installing wasm-tools in the build by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3259\n* Fix for Remove NuGet Source steps (now with enhanced logging) by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3263\n* Add CustomSignedAssertion to Credentials.json by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3235\n* Fix CS8602 Warnings in Weather.razor (BlazorApp) – Handle Nullable forecasts and user.Identity by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3266\n* Add Support for Custom Saml Bearer in HttpRequest Headers by @​sthanu98 in https://github.com/AzureAD/microsoft-identity-web/pull/3273\n* comment out the code coverage by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3279\n* update msal to 4.69.1 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3281\n* FIC+OIDC credential provider by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3255\n* Update the IdWeb version number by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3280\n* Locking Down the TokenAcquirerFactory by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3274\n* 
Fix authority parsing logic by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3261\n* Update changelog.md for Id.web 3.8.0 by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3285\n\n## New Contributors\n* @​sthanu98 made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3273\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.7.1...3.8.0\n\n## 3.7.1\n\n3.7.1\n========\n- Updated to Microsoft.IdentityModel.* [8.5.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.5.0)\n\n## 3.7.0\n\n3.7.0\n========\n- Updated to Microsoft.Identity.Abstractions [8.1.0](https://github.com/AzureAD/microsoft-identity-abstractions-for-dotnet/releases/tag/8.1.0)\n- Updated to Microsoft.IdentityModel.* [8.4.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.4.0)\n\n### New Feature\n- IdentityWeb now provides extensibility to `DefaultCredentialsLoader` so that partner teams, or an SDK on top of IdWeb, can bring their own credential providers. See [#​3220](https://github.com/AzureAD/microsoft-identity-web/issues/3220) for details.\n\n## Bug fixes\n- The merged options are now being passed to MSAL for the CCA ROPC scenario. 
See [#​3207](https://github.com/AzureAD/microsoft-identity-web/issues/3207) for details.\n\n## What's Changed\n* changelog update by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3216\n* Pass the assertion options to MSAL for ROPC call by @​neha-bhargava in https://github.com/AzureAD/microsoft-identity-web/pull/3217\n* Update global.json to 9.0.102 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3222\n* Bump the notsecurity group with 3 updates by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3219\n* update abstractions to 8.1.0 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3224\n* update benchmark by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3229\n* Adding Extensibility for Custom Signed Assertion Providers by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3226\n* Update changelog.md 3.7.0 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3233\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.6.2...3.7.0\n\n## 3.6.2\n\n3.6.2\n========\n- Updated to Microsoft.Identity.Abstractions [8.0.0](https://github.com/AzureAD/microsoft-identity-abstractions-for-dotnet/releases/tag/8.0.0)\n\n## Fundamentals\n- Clean-up the tests that were using properties removed in Abstractions 8.0.0. 
See issue [#​3212](https://github.com/AzureAD/microsoft-identity-web/issues/3212) for details.\n\n## What's Changed\n* Bump the notsecurity group across 1 directory with 3 updates by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3211\n* Suppress TFM Build Warnings by @​kllysng in https://github.com/AzureAD/microsoft-identity-web/pull/3210\n* Fixing 3212 and cleaning-up technical debt by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3213\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.6.1...3.6.2\n\n## 3.6.1\n\n3.6.1\n========\n- Updated to Microsoft.Identity.Abstractions [7.2.1](https://github.com/AzureAD/microsoft-identity-abstractions-for-dotnet/releases/tag/7.2.1)\n\n## 3.6.0\n\n3.6.0\n========\n- Updated to Microsoft.IdentityModel.* 8.3.1\n- Updated to [MSAL.NET](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet) 4.67.2\n\n## Bug fixes\n- Checks that B2C tokens don't contain the claims used by Identity Web to represent the home tenant and object ID (obtained from the UserInfo endpoint). See https://github.com/AzureAD/microsoft-identity-web/pull/3131\n- Remove explicit locking in `OpenIdConnectCachingSecurityTokenProvider`. See Issue [#​3078](https://github.com/AzureAD/microsoft-identity-web/issues/3078)\n\n\n## Fundamentals\n- Fix Null Reference Exception in OwinTokenAcquirerFactory + other OWIN cleanup. See https://github.com/AzureAD/microsoft-identity-web/pull/3183\n- Re-add code coverage comments \u0026 scope to src files. 
See https://github.com/AzureAD/microsoft-identity-web/issues/3177\n\n## What's Changed\n* Update changelog.md by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3161\n* Update global.json by @​keegan-caruso in https://github.com/AzureAD/microsoft-identity-web/pull/3163\n* Use ExtraQP to inject telemetry SDK ID by @​bgavrilMS in https://github.com/AzureAD/microsoft-identity-web/pull/2973\n* Fix 3167 (package downgrade when referencing IdentityModel.Tokens from dev) by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3168\n* Add Warning Quality Check Build Task 🔨 by @​kllysng in https://github.com/AzureAD/microsoft-identity-web/pull/3169\n* Treat warnings as errors by @​keegan-caruso in https://github.com/AzureAD/microsoft-identity-web/pull/3166\n* Revert: Warning Quality Check Build Task by @​alexholub113 in https://github.com/AzureAD/microsoft-identity-web/pull/3172\n* fix warnings in idweb and readd warnings as errors by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3173\n* Add checks to protect the internal claims used by MIW. 
Ref: issue #​2968 by @​DOMZE in https://github.com/AzureAD/microsoft-identity-web/pull/3131\n* use only src files and re-add comments by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3176\n* Update dotnet actions by @​sebastienros in https://github.com/AzureAD/microsoft-identity-web/pull/3175\n* - Fixes 3181 by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3183\n* Add retry logic to stabilize flaky UI tests by @​kllysng in https://github.com/AzureAD/microsoft-identity-web/pull/3180\n* Add null handling for process output/error data in UiTestHelpers by @​kllysng in https://github.com/AzureAD/microsoft-identity-web/pull/3184\n* package updates from dependabot by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3185\n* Fix E2E tests persistent flakiness + build hanging by @​kllysng in https://github.com/AzureAD/microsoft-identity-web/pull/3188\n* Revert WaitForProcess in UI Tests by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3189\n* Update to use MSAL 4.67.1 by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3193\n* Update to use MSAL 4.67.2 by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3200\n* Remove explicit locking in OpenIdConnectCachingSecurityTokenProvider by @​keegan-caruso in https://github.com/AzureAD/microsoft-identity-web/pull/3202\n* 3.6.0 changelog by @​kllysng in https://github.com/AzureAD/microsoft-identity-web/pull/3203\n\n## New Contributors\n* @​DOMZE made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3131\n* @​sebastienros made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3175\n* @​gladjohn made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3193\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.5.0...3.6.0\n\n## 3.5.0\n\n## Bug fixes\n* Ensure Singleton registration for 
TokenAcquisition Services when TokenAcquirerFactory is null. See https://github.com/AzureAD/microsoft-identity-web/pull/3155\n* Dont modify the merged options when building the confidential client. See https://github.com/AzureAD/microsoft-identity-web/pull/3137\n\n## Fundamentals\n* Install all .NET versions in pipeline, including .NET 9. See https://github.com/AzureAD/microsoft-identity-web/pull/3152\n* Upgrade to C# 13. See https://github.com/AzureAD/microsoft-identity-web/pull/3138\n* Specify sdk version in global.json. See https://github.com/AzureAD/microsoft-identity-web/pull/3156\n* Disable Coverage PR comments. See in https://github.com/AzureAD/microsoft-identity-web/pull/3159\n\n## What's Changed\n* Install all .NET versions in pipeline to fix run tests task by @​msbw2 in https://github.com/AzureAD/microsoft-identity-web/pull/3152\n* Upgrade to C# 13 by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3138\n* Specify sdk version in global.json by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3156\n* Ensure Singleton registration for TokenAcquisition Services when TokenAcquirerFactory is null by @​sruke in https://github.com/AzureAD/microsoft-identity-web/pull/3155\n* Disable Coverage PR comments by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3159\n* Dont modify the merged options when building the confidential client by @​keegan-caruso in https://github.com/AzureAD/microsoft-identity-web/pull/3137\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.4.0...3.5.0\n\n## 3.4.0\n\n3.4.0\n========\n- Updated to Microsoft.IdentityModel.* 8.2.1\n- Updated to Microsoft.Identity.Abstractions 7.2.0\n\n### New features\n- Add ROPC flow support for confidential client applications. 
See [3091](https://github.com/AzureAD/microsoft-identity-web/issues/3091), [3129](https://github.com/AzureAD/microsoft-identity-web/issues/3129), [3139](https://github.com/AzureAD/microsoft-identity-web/issues/3139).\n- Allow multi-tenant applications to specify the AppHomeTenantId to be used for client credentials. See [3121](https://github.com/AzureAD/microsoft-identity-web/issues/3121), [3132](https://github.com/AzureAD/microsoft-identity-web/pull/3132).\n- Update to use .NET 9 GA. See [3127](https://github.com/AzureAD/microsoft-identity-web/issues/3127).\n\n## What's Changed\n* Add API and make ROPC call by @​neha-bhargava in https://github.com/AzureAD/microsoft-identity-web/pull/3103\n* Fixing the ROPC test that broke the build by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3133\n* Use AppHomeTenantId for acquiring app token when TenantId is not tenant by @​msbw2 in https://github.com/AzureAD/microsoft-identity-web/pull/3132\n* Add extensibility to update parameters for ROPC flow by @​neha-bhargava in https://github.com/AzureAD/microsoft-identity-web/pull/3130\n* Declare ROPC extensions in net 9 API by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3136\n* update dependencies to .net 9 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3141\n* Update the extensibility to add user by @​neha-bhargava in https://github.com/AzureAD/microsoft-identity-web/pull/3140\n* Update to .NET 9 GA. Update some test dependencies. by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3134\n* update playwright and remove net9.0 for UI tests by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3148\n* Update changelog 3.4.0. 
by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3149\n* update wilson post-release by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3150\n\n## New Contributors\n* @​neha-bhargava made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3103\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.3.1...3.4.0\n\n## 3.3.1\n\n3.3.1\n========\n- Updated to Microsoft.IdentityModel.* 8.2.0\n\n### Supportability\n- Added JSON schema support for Microsoft.Identity.Web configuration. This allows for schema validation in the `appsettings.json`, improving configuration accuracy and developer experience. To use it, add the following at the top of your appsettings.json:\n`\"$schema\": \"https://github.com/AzureAD/microsoft-identity-web/blob/master/JsonSchemas/microsoft-identity-web.json\"`\nThis update enhances the configuration process by providing clear structure and validation for settings used in Microsoft.Identity.Web. See PR [#​3119](https://github.com/AzureAD/microsoft-identity-web/pull/3119) for details.\n\n### Fundamentals\n- Fix a flaky test in the L1L2Cache tests. 
See PR [#​3122](https://github.com/AzureAD/microsoft-identity-web/pull/3122) for details.\n\n## What's Changed\n* Update changelog.md to fix release 3.2.2 which had a breaking change by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3116\n* Bump the notsecurity group with 19 updates by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3115\n* Adding a json schema for Microsoft.Identity.Web configuration by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3119\n* Fixed flaky tests by @​alexholub113 in https://github.com/AzureAD/microsoft-identity-web/pull/3122\n* Update changelog.md 3.3.1 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3123\n* Add Ask Mode Change Template by @​kellyyangsong in https://github.com/AzureAD/microsoft-identity-web/pull/3110\n\n## New Contributors\n* @​alexholub113 made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3122\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.3.0...3.3.1\n\n## 3.3.0\n\n3.3.0\n========\n- Updated to Microsoft.Identity.Client 4.66.0\n- Update system.Text.Json to 8.0.5 CVE-2024-43485\n- Updated to .NET 9 RC2\n \n### New features\n- Microsoft.Identity.Web token acquisition now provides an extensibility mechanism to enlight non-standard features. For details, see [#​2975](https://github.com/AzureAD/microsoft-identity-web/issues/2975)\n\n### Fundamentals\n- Split DownstreamApi methods between AoT compatible and incompatible methods by @​SaurabhMSFT in https://github.com/AzureAD/microsoft-identity-web/pull/3090\n- ASP.NET Core (and other) cross-link updates by @​guardrex in https://github.com/AzureAD/microsoft-identity-web/pull/3096. Thank you!\n- Onboarded to Threading Analyzers. 
For details, see [#​3052](https://github.com/AzureAD/microsoft-identity-web/issues/3052)\n- display code coverage as PR comments\n- Fix flaky EncryptionTestAsync on .NET 9.\n\n## What's Changed\n* Bump System.Text.Json from 8.0.4 to 8.0.5 in /tools/ConfigureGeneratedApplications by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3069\n* Bump Microsoft.Identity.Web.DownstreamApi, Microsoft.Extensions.Logging.Abstractions, System.Text.Json, System.Text.Encodings.Web, Microsoft.AspNetCore.DataProtection, System.Security.Cryptography.Xml, Microsoft.Extensions.Caching.Memory, Microsoft.Extensions.Logging, Microsoft.Extensions.DependencyInjection, System.Formats.Asn1, System.Security.Cryptography.Pkcs, Microsoft.Extensions.Configuration.Binder, Microsoft.Extensions.Configuration.EnvironmentVariables, Microsoft.Extensions.Configuration and Microsoft.Extensions.Options.ConfigurationExtensions by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3073\n* Bump Microsoft.Identity.Web.MicrosoftGraph, Microsoft.Extensions.Logging.Abstractions, System.Text.Json, System.Text.Encodings.Web, Microsoft.AspNetCore.DataProtection, System.Security.Cryptography.Xml, Microsoft.Extensions.Caching.Memory, Microsoft.Extensions.Logging, Microsoft.Extensions.DependencyInjection, System.Formats.Asn1, System.Security.Cryptography.Pkcs, Microsoft.Extensions.Configuration.Binder, Microsoft.Extensions.Configuration.EnvironmentVariables, Microsoft.Extensions.Configuration and Microsoft.Extensions.Options.ConfigurationExtensions by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3072\n* Bump Microsoft.Identity.Web, Microsoft.Extensions.Logging.Abstractions, System.Text.Json, System.Text.Encodings.Web, Microsoft.AspNetCore.DataProtection, System.Security.Cryptography.Xml, Microsoft.Extensions.Caching.Memory, Microsoft.Extensions.Logging, Microsoft.Extensions.DependencyInjection, System.Formats.Asn1, System.Security.Cryptography.Pkcs, 
Microsoft.Extensions.Configuration.Binder, Microsoft.Extensions.Configuration.EnvironmentVariables, Microsoft.Extensions.Configuration, Microsoft.Extensions.Configuration.Json, Microsoft.Extensions.Options.ConfigurationExtensions and Microsoft.Extensions.Hosting by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3070\n* update system.Text.Json to 8.0.5 CVE-2024-43485 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3074\n* another update by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3075\n* Onboard Id Web to Threading Analyzers by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3041\n* Update .NET 9 to RC 2 by @​msbw2 in https://github.com/AzureAD/microsoft-identity-web/pull/3082\n* Align editor config with other libraries by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3079\n* Fix reflection in MemoryCache tests to support both versions seen in .NET 9 RCs by @​msbw2 in https://github.com/AzureAD/microsoft-identity-web/pull/3085\n* Use nuget config file by @​SaurabhMSFT in https://github.com/AzureAD/microsoft-identity-web/pull/3083\n* Fix EncryptionTestAsync on .NET 9 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3088\n* Update GitHub Action to run unit tests by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3089\n* Update template-install-dependencies.yaml by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3092\n* Fix DevEx and IDDP builds by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3093\n* Mark IdWeb APIs as shipped by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3086\n* Update version by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3094\n* Split aot compatible and incompatible methods by @​SaurabhMSFT in https://github.com/AzureAD/microsoft-identity-web/pull/3090\n* ASP.NET Core (and other) cross-link 
updates by @​guardrex in https://github.com/AzureAD/microsoft-identity-web/pull/3096\n* update to MSAL 4.66 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3095\n* Remove swagger dependencies by @​msbw2 in https://github.com/AzureAD/microsoft-identity-web/pull/3099\n* Upgrade versions by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3098\n* Upgrading MSAL version by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3104\n* Grouping Dependabot Updates by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3105\n* Microsoft.Identity.Web token acquisition extensions by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3005\n* display code coverage as PR comments by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3107\n* Use Nuget config file by @​SaurabhMSFT in https://github.com/AzureAD/microsoft-identity-web/pull/3112\n* Update changelog.md for 3.3.0 by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3113\n\n## New Contributors\n* @​guardrex made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3096\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.2.2...3.3.0\n\n## 3.2.2\n\n3.2.2\n=========\n- Updated to Microsoft.IdentityModel.* 8.1.2\n\n## 3.2.1\n\n3.2.1\n=========\n- Updated to Microsoft.IdentityModel.* 8.1.1\n\n## What's Changed\n* update id web after releases by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3035\n* update net 9 version to rc 1 in build script by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3036\n* add disable discover enumeration = true for theory tests by @​kellyyangsong in https://github.com/AzureAD/microsoft-identity-web/pull/3042\n* Bump Microsoft.Identity.Client from 4.64.1 to 4.65.0 by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3040\n* Removed 
ConfigureAwait(false) from flaky tests by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3045\n* removed ConfigureAwait(false) from all tests by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3051\n* 3.2.1 Changelog by @​kellyyangsong in https://github.com/AzureAD/microsoft-identity-web/pull/3054\n* update xunit versions by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3053\n* IdentityModel 8.1.1 update by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3056\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.2.0...3.2.1\n\n## 3.2.0\n\n3.2.0\n=========\n- Updated to Microsoft.Identity.Abstractions 7.1.0\n- Updated to Microsoft.IdentityModel.* 8.1.0\n- Updated to Microsoft.Identity.Client 4.64.1\n \n### New ....\n\n_Description has been truncated_","html_url":"https://github.com/Azure-Samples/ms-identity-docs-code-dotnet/pull/121","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Azure-Samples%2Fms-identity-docs-code-dotnet/issues/121","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/121/packages"},{"uuid":"4375596024","node_id":"PR_kwDOMbHfec7X9Pbo","number":116,"state":"closed","title":"Bump Microsoft.Identity.Web from 3.14.1 to 4.9.0","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-02T01:28:54.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-04T09:58:36.000Z","updated_at":"2026-06-02T01:28:56.000Z","time_to_close":2475018,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.Identity.Web","old_version":"3.14.1","new_version":"4.9.0","repository_url":"https://github.com/AzureAD/microsoft-identity-web"}],"path":null,"ecosystem":"nuget"},"body":"Updated 
[Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web) from 3.14.1 to 4.9.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.Identity.Web's releases](https://github.com/AzureAD/microsoft-identity-web/releases)._\n\n## 4.9.0\n\n### New features\n- **Sidecar: per-route override gating.** New `Sidecar:AllowOverrides` configuration section provides explicit, per-route control over whether `optionsOverride.*` query-string parameters are honored. Authenticated routes default to allowing overrides (preserving existing behavior); unauthenticated routes default to rejecting them. `optionsOverride.BaseUrl` is unconditionally rejected on all routes as a hardening measure. See [#​3794](https://github.com/AzureAD/microsoft-identity-web/pull/3794).\n\n### Bug fixes\n- Fix `AccountController.Challenge` redirect URI validation to reject percent-encoded protocol-relative bypasses (`%2F%2F`, `%5C%2F`, etc.) that could be decoded by misconfigured reverse proxies. See [#​3792](https://github.com/AzureAD/microsoft-identity-web/pull/3792).\n\n### Behavior changes\n- **DownstreamApi: reserved header filtering.** Headers supplied via `DownstreamApiOptions.ExtraHeaderParameters` whose names match reserved HTTP headers (`Authorization`, `Host`, `Content-Length`, `Proxy-Authorization`, `Sec-*`, `Proxy-*`, etc.) or duplicate a header the library already set are now silently skipped. A warning-level log entry (`ReservedHeaderIgnored` / `DuplicateHeaderIgnored`) is emitted so operators can spot misconfigurations. No exception is thrown. 
See [#​3793](https://github.com/AzureAD/microsoft-identity-web/pull/3793).\n\n### Dependencies updates\n- **Update Azure.Identity 1.11.4 → 1.17.2 and establish Microsoft.Extensions.\\* 8.0.x minimum on older TFMs.** Azure.Identity 1.17.2 (sovereign-cloud fixes) pulls in Azure.Core 1.50.0, which introduces a transitive dependency on `Microsoft.Extensions.DependencyInjection.Abstractions` 8.0.2 on non-framework-coupled TFMs (net462, net472, netstandard2.0). This caused a `CS0433` type collision with the previously-pinned `Microsoft.Extensions.DependencyInjection` 2.1.0. Rather than patch individual packages, the entire `Microsoft.Extensions.*` stack on these older TFMs has been bumped to 8.0.x, closing several 5-year version gaps and aligning with the net8.0 baseline. **If your application targets net462, net472, or netstandard2.0**, your resolved `Microsoft.Extensions.*` versions will increase (e.g., `Extensions.Http` 3.1.3 → 8.0.0, `Extensions.DependencyInjection` 2.1.0 → 8.0.0, `Extensions.Caching.Memory` 2.1.0/6.0.2 → 8.0.1). Applications already targeting net8.0+ are unaffected. See [#​3787](https://github.com/AzureAD/microsoft-identity-web/pull/3787).\n- Bump `System.Text.Json` 8.0.5 → 8.0.6 (CVE-2024-43485). See [#​3787](https://github.com/AzureAD/microsoft-identity-web/pull/3787).\n- Bump `Microsoft.AspNetCore.DataProtection` to 10.0.7 for CVE fix on net10.0. See [#​3796](https://github.com/AzureAD/microsoft-identity-web/pull/3796).\n- Bump `OpenTelemetry.Exporter.OpenTelemetryProtocol` 1.14.0 → 1.15.3. 
See [#​3788](https://github.com/AzureAD/microsoft-identity-web/pull/3788).\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.8.0...4.9.0\n\n## 4.8.0\n\n## What's Changed\n* Bump flatted from 3.3.3 to 3.4.2 in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3753\n* Update changelog.md for ID.Web 4.6.0 by @​bgavrilMS in https://github.com/AzureAD/microsoft-identity-web/pull/3756\n* Add token binding to MicrosoftIdentityMessageHandler by @​cpp11nullptr in https://github.com/AzureAD/microsoft-identity-web/pull/3743\n* Bump picomatch in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3759\n* Documentation: Clarify managed identity credential types for containerized vs. VM/App Service deployments by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3585\n* Bump path-to-regexp from 8.3.0 to 8.4.0 in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3762\n* Upgrade Microsoft Application Insights packages by @​RojaEnnam in https://github.com/AzureAD/microsoft-identity-web/pull/3763\n* Use Abstractions 12 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3761\n* Post-4.7.0 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3768\n* Fix Comp Gov DOTNET-Security-10.0 by @​reginayap8 in https://github.com/AzureAD/microsoft-identity-web/pull/3769\n* Upgrade CodeQL to V4: Fix 10 CodeQL Analysis Warnings and Errors by @​reginayap8 in https://github.com/AzureAD/microsoft-identity-web/pull/3770\n* fix warnings by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3771\n* adding examples for using postgres as a distributed cache by @​JaredMSFT in https://github.com/AzureAD/microsoft-identity-web/pull/3766\n* Suppress AOT configuration-binding SYSLIB warnings in 
AotCompatibility test app by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3774\n* Bump vite from 7.1.11 to 7.3.2 in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3772\n* Skip legacy B2C local-account Todo UI test in WebAppUiTests by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3778\n* Fix initialization of ConfidentialClientApplicationOptions in MergedOptions by @​cpp11nullptr in https://github.com/AzureAD/microsoft-identity-web/pull/3760\n* Bump net8/net9/net10 runtime package baselines to patched crypto servicing versions by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3779\n* Fix flaky certificate test failures on CI by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3780\n* MTLS Without Tokens Support by @​tlupes in https://github.com/AzureAD/microsoft-identity-web/pull/3747\n* Fix CredentialsProvider DI lifetime mismatch causing startup crash in Development by @​Avery-Dunn in https://github.com/AzureAD/microsoft-identity-web/pull/3783\n* Remove unused DataProtection configuration from Sidecar by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3776\n\n## New Contributors\n* @​RojaEnnam made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3763\n* @​reginayap8 made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3769\n* @​JaredMSFT made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3766\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.6.0...4.8.0\n\n## 4.7.0\n\n## 4.7.0\n\n### Bug fixes\n- Updates to Microsoft.Identity.Abstractions 12.0.0 to revert breaking changes introduced in Abstractions 11.0.0. (On .NET 10 target, `Certificate` extension method in `CredentialDescription` was reverted to normal property.) 
See [#​3767](https://github.com/AzureAD/microsoft-identity-web/pull/3767).\n\n## 4.6.0\n\n## What's Changed\n\n* Move boilerplate code skills to IdWeb, and add Aspire DevApp demonstrating Blazor authentication components by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3721\n* Bump MSAL to 4.83.1 and re-enable Managed Identity CAE tests by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3746\n* Bump Abstractions to 11.2 by @​bgavrilMS in https://github.com/AzureAD/microsoft-identity-web/pull/3749\n* Update documentation to reference Blazor helpers from Microsoft.Identity.Web package by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3723\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.5.0...4.6.0\n\n## 4.5.0\n\n### New features\n- Add support for certificate store lookup by subject name. See [#​3742](https://github.com/AzureAD/microsoft-identity-web/pull/3742).\n\n### Dependencies updates\n- Bump minimatch in /tests/DevApps/SidecarAdapter/typescript. See [#​3739](https://github.com/AzureAD/microsoft-identity-web/pull/3739).\n- Bump rollup from 4.52.3 to 4.59.0 in /tests/DevApps/SidecarAdapter/typescript. See [#​3740](https://github.com/AzureAD/microsoft-identity-web/pull/3740).\n\n## 4.4.0\n\n### New features\n- Add AOT-compatible web API authentication for .NET 10+. See [#​3705](https://github.com/AzureAD/microsoft-identity-web/pull/3705) and [#​3664](https://github.com/AzureAD/microsoft-identity-web/pull/3664).\n- Propagate long-running web API session key back to callers in user token acquisition. See [#​3728](https://github.com/AzureAD/microsoft-identity-web/pull/3728).\n- Add OBO event initialization for OBO APIs. See [#​3724](https://github.com/AzureAD/microsoft-identity-web/pull/3724).\n- Add support for calling `WithClientClaims` flow for token acquisition. 
See [#​3623](https://github.com/AzureAD/microsoft-identity-web/pull/3623).\n- Add `OnBeforeTokenAcquisitionForOnBehalfOf` event. See [#​3680](https://github.com/AzureAD/microsoft-identity-web/pull/3680).\n\n### Bug fixes\n- Throw `InvalidOperationException` with actionable message when a custom credential is not registered. See [#​3626](https://github.com/AzureAD/microsoft-identity-web/pull/3626).\n- Fix event firing for `InvokeOnBeforeTokenAcquisitionForOnBehalfOfAsync`. See [#​3717](https://github.com/AzureAD/microsoft-identity-web/pull/3717).\n- Update `OnBeforeTokenAcquisitionForOnBehalfOf` to construct `ClaimsPrincipal` from token. See [#​3714](https://github.com/AzureAD/microsoft-identity-web/pull/3714).\n- Add a retry counter for acquire token and updated tests with a fake secret. See [#​3682](https://github.com/AzureAD/microsoft-identity-web/pull/3682).\n- Fix OBO user error handling. See [#​3712](https://github.com/AzureAD/microsoft-identity-web/pull/3712).\n- Fix override merging for app token (and others). See [#​3644](https://github.com/AzureAD/microsoft-identity-web/pull/3644).\n- Fix certificate reload logic to only trigger on certificate-specific errors. See [#​3653](https://github.com/AzureAD/microsoft-identity-web/pull/3653).\n- Update ROPC flow CCA to pass `SendX5C` to MSAL. See [#​3671](https://github.com/AzureAD/microsoft-identity-web/pull/3671).\n\n### Dependencies updates\n- Bump `qs` in `/tests/DevApps/SidecarAdapter/typescript`. See [#​3725](https://github.com/AzureAD/microsoft-identity-web/pull/3725).\n- Downgrade Microsoft.Extensions.Configuration.Binder to 2.1.0 on .NET Framework. See [#​3730](https://github.com/AzureAD/microsoft-identity-web/pull/3730).\n- Update .NET SDK to 10.0.103 to address DOTNET-Security-10.0 vulnerability. See [#​3726](https://github.com/AzureAD/microsoft-identity-web/pull/3726).\n- Upgrade to Microsoft.Identity.Abstractions 11 for AoT compatibility. 
See [#​3699](https://github.com/AzureAD/microsoft-identity-web/pull/3699).\n- Update to MSAL 4.81.0. See [#​3665](https://github.com/AzureAD/microsoft-identity-web/pull/3665).\n\n### Documentation\n- Add documentation for auto-generated session key for long-running OBO session. See [#​3729](https://github.com/AzureAD/microsoft-identity-web/pull/3729).\n- Improve the Aspire doc article and skills. See [#​3695](https://github.com/AzureAD/microsoft-identity-web/pull/3695).\n- Add an article and agent skill to add Entra ID to an Aspire app. See [#​3689](https://github.com/AzureAD/microsoft-identity-web/pull/3689).\n- Fix misleading comment in `CertificatelessOptions.ManagedIdentityClientId`. See [#​3667](https://github.com/AzureAD/microsoft-identity-web/pull/3667).\n- Add Copilot explore tool functionality. See [#​3694](https://github.com/AzureAD/microsoft-identity-web/pull/3694).\n\n### Fundamentals\n- Remove unnecessary warning suppression. See [#​3715](https://github.com/AzureAD/microsoft-identity-web/pull/3715).\n- Migrate labs to Lab.API 2.x (first pass). See [#​3710](https://github.com/AzureAD/microsoft-identity-web/pull/3710).\n- Update Sidecar E2E test constants. See [#​3693](https://github.com/AzureAD/microsoft-identity-web/pull/3693).\n- Fix intermittent failures in `CertificatesObserverTests`. See [#​3687](https://github.com/AzureAD/microsoft-identity-web/pull/3687).\n- Add validation baseline exclusions. See [#​3684](https://github.com/AzureAD/microsoft-identity-web/pull/3684).\n- Add dSTS integration tests. See [#​3677](https://github.com/AzureAD/microsoft-identity-web/pull/3677).\n- Fix FIC test. See [#​3663](https://github.com/AzureAD/microsoft-identity-web/pull/3663).\n- Update IdentityWeb version, build logic, and validation. 
See [#​3659](https://github.com/AzureAD/microsoft-identity-web/pull/3659).\n\n### New Contributors\n* @​XiaoxinMS2 made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3677\n* @​RyAuld made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3687\n* @​agocke made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3664\n* @​MZOLN made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3700\n* @​christian-posta made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3644\n* @​4gust made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3682\n* @​rayluo made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3714\n\n## 4.4.0-preview.1\n\n### New features\n- Add AOT-compatible web API authentication for .NET 10+. See [#​3705](https://github.com/AzureAD/microsoft-identity-web/pull/3705) and [#​3664](https://github.com/AzureAD/microsoft-identity-web/pull/3664).\n- Propagate long-running web API session key back to callers in user token acquisition. See [#​3728](https://github.com/AzureAD/microsoft-identity-web/pull/3728).\n- Add OBO event initialization for OBO APIs. See [#​3724](https://github.com/AzureAD/microsoft-identity-web/pull/3724).\n- Add support for calling `WithClientClaims` flow for token acquisition. See [#​3623](https://github.com/AzureAD/microsoft-identity-web/pull/3623).\n- Add `OnBeforeTokenAcquisitionForOnBehalfOf` event. See [#​3680](https://github.com/AzureAD/microsoft-identity-web/pull/3680).\n\n### Bug fixes\n- Throw `InvalidOperationException` with actionable message when a custom credential is not registered. See [#​3626](https://github.com/AzureAD/microsoft-identity-web/pull/3626).\n- Fix event firing for `InvokeOnBeforeTokenAcquisitionForOnBehalfOfAsync`. 
See [#​3717](https://github.com/AzureAD/microsoft-identity-web/pull/3717).\n- Update `OnBeforeTokenAcquisitionForOnBehalfOf` to construct `ClaimsPrincipal` from token. See [#​3714](https://github.com/AzureAD/microsoft-identity-web/pull/3714).\n- Add a retry counter for acquire token and updated tests with a fake secret. See [#​3682](https://github.com/AzureAD/microsoft-identity-web/pull/3682).\n- Fix OBO user error handling. See [#​3712](https://github.com/AzureAD/microsoft-identity-web/pull/3712).\n- Fix override merging for app token (and others). See [#​3644](https://github.com/AzureAD/microsoft-identity-web/pull/3644).\n- Fix certificate reload logic to only trigger on certificate-specific errors. See [#​3653](https://github.com/AzureAD/microsoft-identity-web/pull/3653).\n- Update ROPC flow CCA to pass `SendX5C` to MSAL. See [#​3671](https://github.com/AzureAD/microsoft-identity-web/pull/3671).\n\n### Dependencies updates\n- Bump `qs` in `/tests/DevApps/SidecarAdapter/typescript`. See [#​3725](https://github.com/AzureAD/microsoft-identity-web/pull/3725).\n- Downgrade Microsoft.Extensions.Configuration.Binder to 2.1.0 on .NET Framework. See [#​3730](https://github.com/AzureAD/microsoft-identity-web/pull/3730).\n- Update .NET SDK to 10.0.103 to address DOTNET-Security-10.0 vulnerability. See [#​3726](https://github.com/AzureAD/microsoft-identity-web/pull/3726).\n- Upgrade to Microsoft.Identity.Abstractions 11 for AoT compatibility. See [#​3699](https://github.com/AzureAD/microsoft-identity-web/pull/3699).\n- Update to MSAL 4.81.0. See [#​3665](https://github.com/AzureAD/microsoft-identity-web/pull/3665).\n\n### Documentation\n- Add documentation for auto-generated session key for long-running OBO session. See [#​3729](https://github.com/AzureAD/microsoft-identity-web/pull/3729).\n- Improve the Aspire doc article and skills. 
See [#​3695](https://github.com/AzureAD/microsoft-identity-web/pull/3695).\n- Add an article and agent skill to add Entra ID to an Aspire app. See [#​3689](https://github.com/AzureAD/microsoft-identity-web/pull/3689).\n- Fix misleading comment in `CertificatelessOptions.ManagedIdentityClientId`. See [#​3667](https://github.com/AzureAD/microsoft-identity-web/pull/3667).\n- Add Copilot explore tool functionality. See [#​3694](https://github.com/AzureAD/microsoft-identity-web/pull/3694).\n\n### Fundamentals\n- Remove unnecessary warning suppression. See [#​3715](https://github.com/AzureAD/microsoft-identity-web/pull/3715).\n- Migrate labs to Lab.API 2.x (first pass). See [#​3710](https://github.com/AzureAD/microsoft-identity-web/pull/3710).\n- Update Sidecar E2E test constants. See [#​3693](https://github.com/AzureAD/microsoft-identity-web/pull/3693).\n- Fix intermittent failures in `CertificatesObserverTests`. See [#​3687](https://github.com/AzureAD/microsoft-identity-web/pull/3687).\n- Add validation baseline exclusions. See [#​3684](https://github.com/AzureAD/microsoft-identity-web/pull/3684).\n- Add dSTS integration tests. See [#​3677](https://github.com/AzureAD/microsoft-identity-web/pull/3677).\n- Fix FIC test. See [#​3663](https://github.com/AzureAD/microsoft-identity-web/pull/3663).\n- Update IdentityWeb version, build logic, and validation. See [#​3659](https://github.com/AzureAD/microsoft-identity-web/pull/3659).\n\n## 4.3.0\n\n### New features\n- Added token binding (mTLS PoP) scenario for confidential client (app-only) token acquisition and downstream API calls. See [#​3622](https://github.com/AzureAD/microsoft-identity-web/pull/3622).\n\n### Dependencies updates\n- Bumped **qs** from 6.14.0 to 6.14.1 in /tests/DevApps/SidecarAdapter/typescript. 
See [#​3660](https://github.com/AzureAD/microsoft-identity-web/pull/3660).\n\n### Documentation\n- Modernized Identity Web documentation, which can now be found in [docs](https://github.com/AzureAD/microsoft-identity-web/tree/master/docs). See [#​3566](https://github.com/AzureAD/microsoft-identity-web/pull/3566).\n- Added token binding (mTLS PoP) documentation. See [#​3661](https://github.com/AzureAD/microsoft-identity-web/pull/3661).\n\n## 4.2.0\n\n# What's Changed\n\n## New features\n\n- Added CAE claims support for FIC + Managed Identity. See #​3647 for details.\n- Added AddMicrosoftIdentityMessageHandler extension methods for IHttpClientBuilder. See #​3649 for details.\n\n## Bug fixes\n\n\n- Fixed tenant not being propagated in credential FIC acquisition. See #​3633 for details.\n- Fixed ForAgentIdentity hardcoded 'AzureAd' ConfigurationSection to respect AuthenticationOptionsName. See #​3635 for details.\n- Fixed GetTokenAcquirer to propagate MicrosoftEntraApplicationOptions properties. See #​3651 for details.\n- Added meaningful error message when identity configuration is missing. See #​3637 for details.\n\n## Dependencies updates\n\n- Update Microsoft.Identity.Abstractions to version 10.0.0.\n- Bump express from 5.1.0 to 5.2.0 in /tests/DevApps/SidecarAdapter/typescript. #​3636\n- Bump jws from 3.2.2 to 3.2.3 in /tests/DevApps/SidecarAdapter/typescript. #​3641\n\n## Fundamentals\n\n- Update support policy. #​3656\n- Update agent identity coordinates in E2E tests after deauth. #​3640\n- Update E2E agent identity configuration to new tenant. #​3646\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.1.1...4.2.0\n\n## 4.1.1\n\n### Bug fixes\n- Authority-only configuration parsing improvements: Early parsing of Authority into Instance/TenantId and defensive fallback in PrepareAuthorityInstanceForMsal. 
Behavior is backward compatible; Authority is still ignored when Instance/TenantId explicitly provided—now surfaced via a warning. See [#​3612](https://github.com/AzureAD/microsoft-identity-web/issues/3612).\n\n### New features\n- Added warning diagnostics for conflicting Authority vs Instance/TenantId: Emitting a single structured warning when both styles are provided. See [#​3611](https://github.com/AzureAD/microsoft-identity-web/issues/3611).\n\n### Fundamentals\n- Expanded authority test matrix: Coverage for AAD (v1/v2), B2C (/tfp/ normalization, policy path), CIAM (PreserveAuthority), query parameters, scheme-less forms, and conflict scenarios. See [#​3610](https://github.com/AzureAD/microsoft-identity-web/issues/3610).\n\n## 4.1.0\n\n### New features\n- Migrate to .NET 10 GA. [#​3449](https://github.com/AzureAD/microsoft-identity-web/pull/3449) and [#​3590](https://github.com/AzureAD/microsoft-identity-web/pull/3590)\n\n### Dependencies updates\n- Bump MSAL.NET to version [4.79.2](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/releases/tag/4.79.2) and handle changes to deprecated WithExtraQueryParameters APIs. [#​3583](https://github.com/AzureAD/microsoft-identity-web/pull/3583)\n- Update Microsoft.IdentityModel and Abstractions versions. [#​3604](https://github.com/AzureAD/microsoft-identity-web/pull/3604)\n- Update coverlet.collector to 6.0.4. [#​3587](https://github.com/AzureAD/microsoft-identity-web/pull/3587)\n- Update package validation baseline version to 4.0.0. [#​3589](https://github.com/AzureAD/microsoft-identity-web/pull/3589)\n- Bump js-yaml from 4.1.0 to 4.1.1 in /tests/DevApps/SidecarAdapter/typescript. [#​3595](https://github.com/AzureAD/microsoft-identity-web/pull/3595)\n\n### Entra ID SDK sidecar\n- Restrict hosts to localhost for sidecar. [#​3579](https://github.com/AzureAD/microsoft-identity-web/pull/3579)\n- Update http file to match endpoints. 
[#​3555](https://github.com/AzureAD/microsoft-identity-web/pull/3555)\n- Revise sidecar issue template for Entra ID. [#​3577](https://github.com/AzureAD/microsoft-identity-web/pull/3577)\n\n### Documentation\n- Update README to include Entra SDK container info. [#​3578](https://github.com/AzureAD/microsoft-identity-web/pull/3578)\n\n### Fundamentals\n- Include NET 9.0 in template-install-dependencies. [#​3593](https://github.com/AzureAD/microsoft-identity-web/pull/3593)\n- Fix CodeQL alerts. [#​3591](https://github.com/AzureAD/microsoft-identity-web/pull/3591)\n- Suppression file is needed. [#​3592](https://github.com/AzureAD/microsoft-identity-web/pull/3592)\n\n## 4.0.1\n\n## Bug fixes\n* Correctly compute Application Key when credential usage fails.\n* Fix bugs where agent user identities didn't work with non-default authentication schemes.\n\n## Fundamentals\n* Update .net version to CG compliance \n\n## Sidecar\n* Configure Sidecar to default AllowWebApiToBeAuthorizedByACL to true as the container doesn't do authZ\n\n\n## 4.0.0\n\n4.0.0\n=========\n### Breaking Changes\n**Removed support for .NET 6.0 and .NET 7.0** - Microsoft Identity Web 4.0.0 no longer targets .NET 6.0 and .NET 7.0, following Microsoft's support lifecycle. The supported target frameworks are now .NET 8.0, .NET 9.0, .NET Framework 4.6.2, .NET Framework 4.7.2, and .NET Standard 2.0.\n\nSee [MIGRATION_GUIDE_V4](https://github.com/AzureAD/microsoft-identity-web/blob/master/MIGRATION_GUIDE_V4.md)\n\n\n### New features\n- Various improvements to performance logging, authentication, and credential loading capabilities.\n- Bumped MSAL.NET to 4.77.1\n- Added credential description extensibility. For details, see [#​3487](https://github.com/AzureAD/microsoft-identity-web/pull/3487)\n- Added a new CerticateObserverAction type: SuccessfullyUsed and support for multiple certificate observers for improved certificate lifecycle management and telemetry. 
See [#​3505](https://github.com/AzureAD/microsoft-identity-web/pull/3505)\n- Add specification of OID (in addition to upn) when requesting an authorization header for Agent User Identity. See [#​3513](https://github.com/AzureAD/microsoft-identity-web/pull/3513)\n- Added ClaimsPrincipal and ClaimsIdentity extension methods for agent identity detection in web APIs enabling developers to easily detect agent identities and retrieve parent agent blueprint from token claims. See [#​3515](https://github.com/AzureAD/microsoft-identity-web/pull/3515)\n- Added MicrosoftIdentityMessageHandler for flexible HttpClient authentication. Provides composable alternative to DownstreamApi with per-request authentication configuration. Supports WWW-Authenticate challenge handling. See [#​3503](https://github.com/AzureAD/microsoft-identity-web/pull/3503)\n- Support for multiple certificate observers. See [#​3506](https://github.com/AzureAD/microsoft-identity-web/pull/3506)\n- The Microsoft.Identity.Web.Sidecar will provide a container solution for validation and token acquisition in any-language. See [#​3524](https://github.com/AzureAD/microsoft-identity-web/pull/3524)\n\n### Bug Fixes\n- Fixed TokenAcquirerFactory null reference when AppContext.BaseDirectory is root path. See [#​3443](https://github.com/AzureAD/microsoft-identity-web/pull/3443)\n- Fixed IDW10405 error when using managed identity with common tenant. See [#​3415](https://github.com/AzureAD/microsoft-identity-web/pull/3415)\n- Removed hard dependency on IConfiguration in OidcIdpSignedAssertionLoader. See [#​3414](https://github.com/AzureAD/microsoft-identity-web/pull/3414)\n\n### Fundamentals\n- Various improvements to .NET support and dependency optimizations.\n- Added doc for Agent identities. See [Agent identities](src/Microsoft.Identity.Web.AgentIdentities/README.AgentIdentities.md)\n- Combined and fixed test collections. 
See [#​3472](https://github.com/AzureAD/microsoft-identity-web/pull/3472)\n- Migrate repository agent rules from .clinerules to agents.md. See [#​3475](https://github.com/AzureAD/microsoft-identity-web/pull/3475)\n- Add .NET 6.x setup step to dotnetcore.yml workflow, as the default build agents don't have it any longer. See [#​3489](https://github.com/AzureAD/microsoft-identity-web/pull/3489)\n- Renamed NET 7 tests to ThreadingTests for framework independence. See [#​3501](https://github.com/AzureAD/microsoft-identity-web/pull/3501)\n\n\nCommits viewable in [compare view](https://github.com/AzureAD/microsoft-identity-web/compare/3.1.4.1...4.9.0).\n\u003c/details\u003e\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Microsoft.Identity.Web\u0026package-manager=nuget\u0026previous-version=3.14.1\u0026new-version=4.9.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/microsoftgraph/msgraph-sample-copilot-plugin/pull/116","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/microsoftgraph%2Fmsgraph-sample-copilot-plugin/issues/116","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/116/packages"},{"uuid":"4374652102","node_id":"PR_kwDOGO-JJ87X6HcI","number":5363,"state":"open","title":"nuget-external-id-backend: Bump Microsoft.Identity.Web from 4.6.0 to 4.9.0","user":"dependabot[bot]","labels":["dependencies","nuget","target: Entra ID External 
ID"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-04T07:15:02.000Z","updated_at":"2026-05-15T05:37:09.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"nuget-external-id-backend: Bump","packages":[{"name":"Microsoft.Identity.Web","old_version":"4.6.0","new_version":"4.9.0","repository_url":"https://github.com/AzureAD/microsoft-identity-web"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web) from 4.6.0 to 4.9.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.Identity.Web's releases](https://github.com/AzureAD/microsoft-identity-web/releases)._\n\n## 4.9.0\n\n### New features\n- **Sidecar: per-route override gating.** New `Sidecar:AllowOverrides` configuration section provides explicit, per-route control over whether `optionsOverride.*` query-string parameters are honored. Authenticated routes default to allowing overrides (preserving existing behavior); unauthenticated routes default to rejecting them. `optionsOverride.BaseUrl` is unconditionally rejected on all routes as a hardening measure. See [#​3794](https://github.com/AzureAD/microsoft-identity-web/pull/3794).\n\n### Bug fixes\n- Fix `AccountController.Challenge` redirect URI validation to reject percent-encoded protocol-relative bypasses (`%2F%2F`, `%5C%2F`, etc.) that could be decoded by misconfigured reverse proxies. See [#​3792](https://github.com/AzureAD/microsoft-identity-web/pull/3792).\n\n### Behavior changes\n- **DownstreamApi: reserved header filtering.** Headers supplied via `DownstreamApiOptions.ExtraHeaderParameters` whose names match reserved HTTP headers (`Authorization`, `Host`, `Content-Length`, `Proxy-Authorization`, `Sec-*`, `Proxy-*`, etc.) 
or duplicate a header the library already set are now silently skipped. A warning-level log entry (`ReservedHeaderIgnored` / `DuplicateHeaderIgnored`) is emitted so operators can spot misconfigurations. No exception is thrown. See [#​3793](https://github.com/AzureAD/microsoft-identity-web/pull/3793).\n\n### Dependencies updates\n- **Update Azure.Identity 1.11.4 → 1.17.2 and establish Microsoft.Extensions.\\* 8.0.x minimum on older TFMs.** Azure.Identity 1.17.2 (sovereign-cloud fixes) pulls in Azure.Core 1.50.0, which introduces a transitive dependency on `Microsoft.Extensions.DependencyInjection.Abstractions` 8.0.2 on non-framework-coupled TFMs (net462, net472, netstandard2.0). This caused a `CS0433` type collision with the previously-pinned `Microsoft.Extensions.DependencyInjection` 2.1.0. Rather than patch individual packages, the entire `Microsoft.Extensions.*` stack on these older TFMs has been bumped to 8.0.x, closing several 5-year version gaps and aligning with the net8.0 baseline. **If your application targets net462, net472, or netstandard2.0**, your resolved `Microsoft.Extensions.*` versions will increase (e.g., `Extensions.Http` 3.1.3 → 8.0.0, `Extensions.DependencyInjection` 2.1.0 → 8.0.0, `Extensions.Caching.Memory` 2.1.0/6.0.2 → 8.0.1). Applications already targeting net8.0+ are unaffected. See [#​3787](https://github.com/AzureAD/microsoft-identity-web/pull/3787).\n- Bump `System.Text.Json` 8.0.5 → 8.0.6 (CVE-2024-43485). See [#​3787](https://github.com/AzureAD/microsoft-identity-web/pull/3787).\n- Bump `Microsoft.AspNetCore.DataProtection` to 10.0.7 for CVE fix on net10.0. See [#​3796](https://github.com/AzureAD/microsoft-identity-web/pull/3796).\n- Bump `OpenTelemetry.Exporter.OpenTelemetryProtocol` 1.14.0 → 1.15.3. 
See [#​3788](https://github.com/AzureAD/microsoft-identity-web/pull/3788).\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.8.0...4.9.0\n\n## 4.8.0\n\n## What's Changed\n* Bump flatted from 3.3.3 to 3.4.2 in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3753\n* Update changelog.md for ID.Web 4.6.0 by @​bgavrilMS in https://github.com/AzureAD/microsoft-identity-web/pull/3756\n* Add token binding to MicrosoftIdentityMessageHandler by @​cpp11nullptr in https://github.com/AzureAD/microsoft-identity-web/pull/3743\n* Bump picomatch in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3759\n* Documentation: Clarify managed identity credential types for containerized vs. VM/App Service deployments by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3585\n* Bump path-to-regexp from 8.3.0 to 8.4.0 in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3762\n* Upgrade Microsoft Application Insights packages by @​RojaEnnam in https://github.com/AzureAD/microsoft-identity-web/pull/3763\n* Use Abstractions 12 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3761\n* Post-4.7.0 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3768\n* Fix Comp Gov DOTNET-Security-10.0 by @​reginayap8 in https://github.com/AzureAD/microsoft-identity-web/pull/3769\n* Upgrade CodeQL to V4: Fix 10 CodeQL Analysis Warnings and Errors by @​reginayap8 in https://github.com/AzureAD/microsoft-identity-web/pull/3770\n* fix warnings by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3771\n* adding examples for using postgres as a distributed cache by @​JaredMSFT in https://github.com/AzureAD/microsoft-identity-web/pull/3766\n* Suppress AOT configuration-binding SYSLIB warnings in 
AotCompatibility test app by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3774\n* Bump vite from 7.1.11 to 7.3.2 in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3772\n* Skip legacy B2C local-account Todo UI test in WebAppUiTests by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3778\n* Fix initialization of ConfidentialClientApplicationOptions in MergedOptions by @​cpp11nullptr in https://github.com/AzureAD/microsoft-identity-web/pull/3760\n* Bump net8/net9/net10 runtime package baselines to patched crypto servicing versions by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3779\n* Fix flaky certificate test failures on CI by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3780\n* MTLS Without Tokens Support by @​tlupes in https://github.com/AzureAD/microsoft-identity-web/pull/3747\n* Fix CredentialsProvider DI lifetime mismatch causing startup crash in Development by @​Avery-Dunn in https://github.com/AzureAD/microsoft-identity-web/pull/3783\n* Remove unused DataProtection configuration from Sidecar by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3776\n\n## New Contributors\n* @​RojaEnnam made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3763\n* @​reginayap8 made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3769\n* @​JaredMSFT made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3766\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.6.0...4.8.0\n\n## 4.7.0\n\n## 4.7.0\n\n### Bug fixes\n- Updates to Microsoft.Identity.Abstractions 12.0.0 to revert breaking changes introduced in Abstractions 11.0.0. (On .NET 10 target, `Certificate` extension method in `CredentialDescription` was reverted to normal property.) 
See [#​3767](https://github.com/AzureAD/microsoft-identity-web/pull/3767).\n\nCommits viewable in [compare view](https://github.com/AzureAD/microsoft-identity-web/compare/4.6.0...4.9.0).\n\u003c/details\u003e","html_url":"https://github.com/AlesInfiny/maris/pull/5363","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/AlesInfiny%2Fmaris/issues/5363","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/5363/packages"},{"uuid":"4367765616","node_id":"PR_kwDOC4rwTc7XlilJ","number":1584,"state":"open","title":"Bump Microsoft.Identity.Web and Microsoft.Identity.Web.UI","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":["berviantoleo"],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-02T03:33:02.000Z","updated_at":"2026-05-17T23:21:28.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.Identity.Web","repository_url":"https://github.com/AzureAD/microsoft-identity-web"},{"name":"Microsoft.Identity.Web.UI","repository_url":"https://github.com/AzureAD/microsoft-identity-web"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web) from 4.7.0 to 4.9.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.Identity.Web's releases](https://github.com/AzureAD/microsoft-identity-web/releases)._\n\n## 4.9.0\n\n### New features\n- **Sidecar: per-route override gating.** New `Sidecar:AllowOverrides` configuration section provides explicit, per-route control over whether `optionsOverride.*` query-string parameters are honored. Authenticated routes default to allowing overrides (preserving existing behavior); unauthenticated routes default to rejecting them. 
`optionsOverride.BaseUrl` is unconditionally rejected on all routes as a hardening measure. See [#​3794](https://github.com/AzureAD/microsoft-identity-web/pull/3794).\n\n### Bug fixes\n- Fix `AccountController.Challenge` redirect URI validation to reject percent-encoded protocol-relative bypasses (`%2F%2F`, `%5C%2F`, etc.) that could be decoded by misconfigured reverse proxies. See [#​3792](https://github.com/AzureAD/microsoft-identity-web/pull/3792).\n\n### Behavior changes\n- **DownstreamApi: reserved header filtering.** Headers supplied via `DownstreamApiOptions.ExtraHeaderParameters` whose names match reserved HTTP headers (`Authorization`, `Host`, `Content-Length`, `Proxy-Authorization`, `Sec-*`, `Proxy-*`, etc.) or duplicate a header the library already set are now silently skipped. A warning-level log entry (`ReservedHeaderIgnored` / `DuplicateHeaderIgnored`) is emitted so operators can spot misconfigurations. No exception is thrown. See [#​3793](https://github.com/AzureAD/microsoft-identity-web/pull/3793).\n\n### Dependencies updates\n- **Update Azure.Identity 1.11.4 → 1.17.2 and establish Microsoft.Extensions.\\* 8.0.x minimum on older TFMs.** Azure.Identity 1.17.2 (sovereign-cloud fixes) pulls in Azure.Core 1.50.0, which introduces a transitive dependency on `Microsoft.Extensions.DependencyInjection.Abstractions` 8.0.2 on non-framework-coupled TFMs (net462, net472, netstandard2.0). This caused a `CS0433` type collision with the previously-pinned `Microsoft.Extensions.DependencyInjection` 2.1.0. Rather than patch individual packages, the entire `Microsoft.Extensions.*` stack on these older TFMs has been bumped to 8.0.x, closing several 5-year version gaps and aligning with the net8.0 baseline. **If your application targets net462, net472, or netstandard2.0**, your resolved `Microsoft.Extensions.*` versions will increase (e.g., `Extensions.Http` 3.1.3 → 8.0.0, `Extensions.DependencyInjection` 2.1.0 → 8.0.0, `Extensions.Caching.Memory` 2.1.0/6.0.2 → 8.0.1). 
Applications already targeting net8.0+ are unaffected. See [#​3787](https://github.com/AzureAD/microsoft-identity-web/pull/3787).\n- Bump `System.Text.Json` 8.0.5 → 8.0.6 (CVE-2024-43485). See [#​3787](https://github.com/AzureAD/microsoft-identity-web/pull/3787).\n- Bump `Microsoft.AspNetCore.DataProtection` to 10.0.7 for CVE fix on net10.0. See [#​3796](https://github.com/AzureAD/microsoft-identity-web/pull/3796).\n- Bump `OpenTelemetry.Exporter.OpenTelemetryProtocol` 1.14.0 → 1.15.3. See [#​3788](https://github.com/AzureAD/microsoft-identity-web/pull/3788).\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.8.0...4.9.0\n\n## 4.8.0\n\n## What's Changed\n* Bump flatted from 3.3.3 to 3.4.2 in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3753\n* Update changelog.md for ID.Web 4.6.0 by @​bgavrilMS in https://github.com/AzureAD/microsoft-identity-web/pull/3756\n* Add token binding to MicrosoftIdentityMessageHandler by @​cpp11nullptr in https://github.com/AzureAD/microsoft-identity-web/pull/3743\n* Bump picomatch in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3759\n* Documentation: Clarify managed identity credential types for containerized vs. 
VM/App Service deployments by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3585\n* Bump path-to-regexp from 8.3.0 to 8.4.0 in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3762\n* Upgrade Microsoft Application Insights packages by @​RojaEnnam in https://github.com/AzureAD/microsoft-identity-web/pull/3763\n* Use Abstractions 12 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3761\n* Post-4.7.0 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3768\n* Fix Comp Gov DOTNET-Security-10.0 by @​reginayap8 in https://github.com/AzureAD/microsoft-identity-web/pull/3769\n* Upgrade CodeQL to V4: Fix 10 CodeQL Analysis Warnings and Errors by @​reginayap8 in https://github.com/AzureAD/microsoft-identity-web/pull/3770\n* fix warnings by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3771\n* adding examples for using postgres as a distributed cache by @​JaredMSFT in https://github.com/AzureAD/microsoft-identity-web/pull/3766\n* Suppress AOT configuration-binding SYSLIB warnings in AotCompatibility test app by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3774\n* Bump vite from 7.1.11 to 7.3.2 in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3772\n* Skip legacy B2C local-account Todo UI test in WebAppUiTests by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3778\n* Fix initialization of ConfidentialClientApplicationOptions in MergedOptions by @​cpp11nullptr in https://github.com/AzureAD/microsoft-identity-web/pull/3760\n* Bump net8/net9/net10 runtime package baselines to patched crypto servicing versions by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3779\n* Fix flaky certificate test failures on CI by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3780\n* MTLS 
Without Tokens Support by @​tlupes in https://github.com/AzureAD/microsoft-identity-web/pull/3747\n* Fix CredentialsProvider DI lifetime mismatch causing startup crash in Development by @​Avery-Dunn in https://github.com/AzureAD/microsoft-identity-web/pull/3783\n* Remove unused DataProtection configuration from Sidecar by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3776\n\n## New Contributors\n* @​RojaEnnam made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3763\n* @​reginayap8 made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3769\n* @​JaredMSFT made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3766\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.6.0...4.8.0\n\nCommits viewable in [compare view](https://github.com/AzureAD/microsoft-identity-web/compare/4.7.0...4.9.0).\n\u003c/details\u003e\n\nUpdated [Microsoft.Identity.Web.UI](https://github.com/AzureAD/microsoft-identity-web) from 4.7.0 to 4.9.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.Identity.Web.UI's releases](https://github.com/AzureAD/microsoft-identity-web/releases)._\n\n## 4.9.0\n\n### New features\n- **Sidecar: per-route override gating.** New `Sidecar:AllowOverrides` configuration section provides explicit, per-route control over whether `optionsOverride.*` query-string parameters are honored. Authenticated routes default to allowing overrides (preserving existing behavior); unauthenticated routes default to rejecting them. `optionsOverride.BaseUrl` is unconditionally rejected on all routes as a hardening measure. See [#​3794](https://github.com/AzureAD/microsoft-identity-web/pull/3794).\n\n### Bug fixes\n- Fix `AccountController.Challenge` redirect URI validation to reject percent-encoded protocol-relative bypasses (`%2F%2F`, `%5C%2F`, etc.) 
that could be decoded by misconfigured reverse proxies. See [#​3792](https://github.com/AzureAD/microsoft-identity-web/pull/3792).\n\n### Behavior changes\n- **DownstreamApi: reserved header filtering.** Headers supplied via `DownstreamApiOptions.ExtraHeaderParameters` whose names match reserved HTTP headers (`Authorization`, `Host`, `Content-Length`, `Proxy-Authorization`, `Sec-*`, `Proxy-*`, etc.) or duplicate a header the library already set are now silently skipped. A warning-level log entry (`ReservedHeaderIgnored` / `DuplicateHeaderIgnored`) is emitted so operators can spot misconfigurations. No exception is thrown. See [#​3793](https://github.com/AzureAD/microsoft-identity-web/pull/3793).\n\n### Dependencies updates\n- **Update Azure.Identity 1.11.4 → 1.17.2 and establish Microsoft.Extensions.\\* 8.0.x minimum on older TFMs.** Azure.Identity 1.17.2 (sovereign-cloud fixes) pulls in Azure.Core 1.50.0, which introduces a transitive dependency on `Microsoft.Extensions.DependencyInjection.Abstractions` 8.0.2 on non-framework-coupled TFMs (net462, net472, netstandard2.0). This caused a `CS0433` type collision with the previously-pinned `Microsoft.Extensions.DependencyInjection` 2.1.0. Rather than patch individual packages, the entire `Microsoft.Extensions.*` stack on these older TFMs has been bumped to 8.0.x, closing several 5-year version gaps and aligning with the net8.0 baseline. **If your application targets net462, net472, or netstandard2.0**, your resolved `Microsoft.Extensions.*` versions will increase (e.g., `Extensions.Http` 3.1.3 → 8.0.0, `Extensions.DependencyInjection` 2.1.0 → 8.0.0, `Extensions.Caching.Memory` 2.1.0/6.0.2 → 8.0.1). Applications already targeting net8.0+ are unaffected. See [#​3787](https://github.com/AzureAD/microsoft-identity-web/pull/3787).\n- Bump `System.Text.Json` 8.0.5 → 8.0.6 (CVE-2024-43485). 
See [#​3787](https://github.com/AzureAD/microsoft-identity-web/pull/3787).\n- Bump `Microsoft.AspNetCore.DataProtection` to 10.0.7 for CVE fix on net10.0. See [#​3796](https://github.com/AzureAD/microsoft-identity-web/pull/3796).\n- Bump `OpenTelemetry.Exporter.OpenTelemetryProtocol` 1.14.0 → 1.15.3. See [#​3788](https://github.com/AzureAD/microsoft-identity-web/pull/3788).\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.8.0...4.9.0\n\n## 4.8.0\n\n## What's Changed\n* Bump flatted from 3.3.3 to 3.4.2 in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3753\n* Update changelog.md for ID.Web 4.6.0 by @​bgavrilMS in https://github.com/AzureAD/microsoft-identity-web/pull/3756\n* Add token binding to MicrosoftIdentityMessageHandler by @​cpp11nullptr in https://github.com/AzureAD/microsoft-identity-web/pull/3743\n* Bump picomatch in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3759\n* Documentation: Clarify managed identity credential types for containerized vs. 
VM/App Service deployments by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3585\n* Bump path-to-regexp from 8.3.0 to 8.4.0 in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3762\n* Upgrade Microsoft Application Insights packages by @​RojaEnnam in https://github.com/AzureAD/microsoft-identity-web/pull/3763\n* Use Abstractions 12 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3761\n* Post-4.7.0 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3768\n* Fix Comp Gov DOTNET-Security-10.0 by @​reginayap8 in https://github.com/AzureAD/microsoft-identity-web/pull/3769\n* Upgrade CodeQL to V4: Fix 10 CodeQL Analysis Warnings and Errors by @​reginayap8 in https://github.com/AzureAD/microsoft-identity-web/pull/3770\n* fix warnings by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3771\n* adding examples for using postgres as a distributed cache by @​JaredMSFT in https://github.com/AzureAD/microsoft-identity-web/pull/3766\n* Suppress AOT configuration-binding SYSLIB warnings in AotCompatibility test app by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3774\n* Bump vite from 7.1.11 to 7.3.2 in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3772\n* Skip legacy B2C local-account Todo UI test in WebAppUiTests by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3778\n* Fix initialization of ConfidentialClientApplicationOptions in MergedOptions by @​cpp11nullptr in https://github.com/AzureAD/microsoft-identity-web/pull/3760\n* Bump net8/net9/net10 runtime package baselines to patched crypto servicing versions by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3779\n* Fix flaky certificate test failures on CI by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3780\n* MTLS 
Without Tokens Support by @​tlupes in https://github.com/AzureAD/microsoft-identity-web/pull/3747\n* Fix CredentialsProvider DI lifetime mismatch causing startup crash in Development by @​Avery-Dunn in https://github.com/AzureAD/microsoft-identity-web/pull/3783\n* Remove unused DataProtection configuration from Sidecar by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3776\n\n## New Contributors\n* @​RojaEnnam made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3763\n* @​reginayap8 made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3769\n* @​JaredMSFT made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3766\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.6.0...4.8.0\n\nCommits viewable in [compare view](https://github.com/AzureAD/microsoft-identity-web/compare/4.7.0...4.9.0).\n\u003c/details\u003e","html_url":"https://github.com/bervProject/SimplePasswordManagerService/pull/1584","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/bervProject%2FSimplePasswordManagerService/issues/1584","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1584/packages"},{"uuid":"4333436186","node_id":"PR_kwDOCN3Hts7V10e3","number":215,"state":"closed","title":"Bump Microsoft.Identity.Web from 3.6.2 to 
4.8.0","user":"dependabot[bot]","labels":["dependencies"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-04-27T06:05:59.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-27T06:04:59.000Z","updated_at":"2026-04-27T06:06:01.000Z","time_to_close":60,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.Identity.Web","old_version":"3.6.2","new_version":"4.8.0","repository_url":"https://github.com/AzureAD/microsoft-identity-web"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web) from 3.6.2 to 4.8.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.Identity.Web's releases](https://github.com/AzureAD/microsoft-identity-web/releases)._\n\n## 4.8.0\n\n## What's Changed\n* Bump flatted from 3.3.3 to 3.4.2 in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3753\n* Update changelog.md for ID.Web 4.6.0 by @​bgavrilMS in https://github.com/AzureAD/microsoft-identity-web/pull/3756\n* Add token binding to MicrosoftIdentityMessageHandler by @​cpp11nullptr in https://github.com/AzureAD/microsoft-identity-web/pull/3743\n* Bump picomatch in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3759\n* Documentation: Clarify managed identity credential types for containerized vs. 
VM/App Service deployments by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3585\n* Bump path-to-regexp from 8.3.0 to 8.4.0 in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3762\n* Upgrade Microsoft Application Insights packages by @​RojaEnnam in https://github.com/AzureAD/microsoft-identity-web/pull/3763\n* Use Abstractions 12 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3761\n* Post-4.7.0 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3768\n* Fix Comp Gov DOTNET-Security-10.0 by @​reginayap8 in https://github.com/AzureAD/microsoft-identity-web/pull/3769\n* Upgrade CodeQL to V4: Fix 10 CodeQL Analysis Warnings and Errors by @​reginayap8 in https://github.com/AzureAD/microsoft-identity-web/pull/3770\n* fix warnings by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3771\n* adding examples for using postgres as a distributed cache by @​JaredMSFT in https://github.com/AzureAD/microsoft-identity-web/pull/3766\n* Suppress AOT configuration-binding SYSLIB warnings in AotCompatibility test app by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3774\n* Bump vite from 7.1.11 to 7.3.2 in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3772\n* Skip legacy B2C local-account Todo UI test in WebAppUiTests by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3778\n* Fix initialization of ConfidentialClientApplicationOptions in MergedOptions by @​cpp11nullptr in https://github.com/AzureAD/microsoft-identity-web/pull/3760\n* Bump net8/net9/net10 runtime package baselines to patched crypto servicing versions by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3779\n* Fix flaky certificate test failures on CI by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3780\n* MTLS 
Without Tokens Support by @​tlupes in https://github.com/AzureAD/microsoft-identity-web/pull/3747\n* Fix CredentialsProvider DI lifetime mismatch causing startup crash in Development by @​Avery-Dunn in https://github.com/AzureAD/microsoft-identity-web/pull/3783\n* Remove unused DataProtection configuration from Sidecar by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3776\n\n## New Contributors\n* @​RojaEnnam made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3763\n* @​reginayap8 made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3769\n* @​JaredMSFT made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3766\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.6.0...4.8.0\n\n## 4.7.0\n\n## 4.7.0\n\n### Bug fixes\n- Updates to Microsoft.Identity.Abstractions 12.0.0 to revert breaking changes introduced in Abstractions 11.0.0. (On .NET 10 target, `Certificate` extension method in `CredentialDescription` was reverted to normal property.) 
See [#​3767](https://github.com/AzureAD/microsoft-identity-web/pull/3767).\n\n## 4.6.0\n\n## What's Changed\n\n* Move boilerplate code skills to IdWeb, and add Aspire DevApp demonstrating Blazor authentication components by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3721\n* Bump MSAL to 4.83.1 and re-enable Managed Identity CAE tests by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3746\n* Bump Abstractions to 11.2 by @​bgavrilMS in https://github.com/AzureAD/microsoft-identity-web/pull/3749\n* Update documentation to reference Blazor helpers from Microsoft.Identity.Web package by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3723\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.5.0...4.6.0\n\n## 4.5.0\n\n### New features\n- Add support for certificate store lookup by subject name. See [#​3742](https://github.com/AzureAD/microsoft-identity-web/pull/3742).\n\n### Dependencies updates\n- Bump minimatch in /tests/DevApps/SidecarAdapter/typescript. See [#​3739](https://github.com/AzureAD/microsoft-identity-web/pull/3739).\n- Bump rollup from 4.52.3 to 4.59.0 in /tests/DevApps/SidecarAdapter/typescript. See [#​3740](https://github.com/AzureAD/microsoft-identity-web/pull/3740).\n\n## 4.4.0\n\n### New features\n- Add AOT-compatible web API authentication for .NET 10+. See [#​3705](https://github.com/AzureAD/microsoft-identity-web/pull/3705) and [#​3664](https://github.com/AzureAD/microsoft-identity-web/pull/3664).\n- Propagate long-running web API session key back to callers in user token acquisition. See [#​3728](https://github.com/AzureAD/microsoft-identity-web/pull/3728).\n- Add OBO event initialization for OBO APIs. See [#​3724](https://github.com/AzureAD/microsoft-identity-web/pull/3724).\n- Add support for calling `WithClientClaims` flow for token acquisition. 
See [#​3623](https://github.com/AzureAD/microsoft-identity-web/pull/3623).\n- Add `OnBeforeTokenAcquisitionForOnBehalfOf` event. See [#​3680](https://github.com/AzureAD/microsoft-identity-web/pull/3680).\n\n### Bug fixes\n- Throw `InvalidOperationException` with actionable message when a custom credential is not registered. See [#​3626](https://github.com/AzureAD/microsoft-identity-web/pull/3626).\n- Fix event firing for `InvokeOnBeforeTokenAcquisitionForOnBehalfOfAsync`. See [#​3717](https://github.com/AzureAD/microsoft-identity-web/pull/3717).\n- Update `OnBeforeTokenAcquisitionForOnBehalfOf` to construct `ClaimsPrincipal` from token. See [#​3714](https://github.com/AzureAD/microsoft-identity-web/pull/3714).\n- Add a retry counter for acquire token and updated tests with a fake secret. See [#​3682](https://github.com/AzureAD/microsoft-identity-web/pull/3682).\n- Fix OBO user error handling. See [#​3712](https://github.com/AzureAD/microsoft-identity-web/pull/3712).\n- Fix override merging for app token (and others). See [#​3644](https://github.com/AzureAD/microsoft-identity-web/pull/3644).\n- Fix certificate reload logic to only trigger on certificate-specific errors. See [#​3653](https://github.com/AzureAD/microsoft-identity-web/pull/3653).\n- Update ROPC flow CCA to pass `SendX5C` to MSAL. See [#​3671](https://github.com/AzureAD/microsoft-identity-web/pull/3671).\n\n### Dependencies updates\n- Bump `qs` in `/tests/DevApps/SidecarAdapter/typescript`. See [#​3725](https://github.com/AzureAD/microsoft-identity-web/pull/3725).\n- Downgrade Microsoft.Extensions.Configuration.Binder to 2.1.0 on .NET Framework. See [#​3730](https://github.com/AzureAD/microsoft-identity-web/pull/3730).\n- Update .NET SDK to 10.0.103 to address DOTNET-Security-10.0 vulnerability. See [#​3726](https://github.com/AzureAD/microsoft-identity-web/pull/3726).\n- Upgrade to Microsoft.Identity.Abstractions 11 for AoT compatibility. 
See [#​3699](https://github.com/AzureAD/microsoft-identity-web/pull/3699).\n- Update to MSAL 4.81.0. See [#​3665](https://github.com/AzureAD/microsoft-identity-web/pull/3665).\n\n### Documentation\n- Add documentation for auto-generated session key for long-running OBO session. See [#​3729](https://github.com/AzureAD/microsoft-identity-web/pull/3729).\n- Improve the Aspire doc article and skills. See [#​3695](https://github.com/AzureAD/microsoft-identity-web/pull/3695).\n- Add an article and agent skill to add Entra ID to an Aspire app. See [#​3689](https://github.com/AzureAD/microsoft-identity-web/pull/3689).\n- Fix misleading comment in `CertificatelessOptions.ManagedIdentityClientId`. See [#​3667](https://github.com/AzureAD/microsoft-identity-web/pull/3667).\n- Add Copilot explore tool functionality. See [#​3694](https://github.com/AzureAD/microsoft-identity-web/pull/3694).\n\n### Fundamentals\n- Remove unnecessary warning suppression. See [#​3715](https://github.com/AzureAD/microsoft-identity-web/pull/3715).\n- Migrate labs to Lab.API 2.x (first pass). See [#​3710](https://github.com/AzureAD/microsoft-identity-web/pull/3710).\n- Update Sidecar E2E test constants. See [#​3693](https://github.com/AzureAD/microsoft-identity-web/pull/3693).\n- Fix intermittent failures in `CertificatesObserverTests`. See [#​3687](https://github.com/AzureAD/microsoft-identity-web/pull/3687).\n- Add validation baseline exclusions. See [#​3684](https://github.com/AzureAD/microsoft-identity-web/pull/3684).\n- Add dSTS integration tests. See [#​3677](https://github.com/AzureAD/microsoft-identity-web/pull/3677).\n- Fix FIC test. See [#​3663](https://github.com/AzureAD/microsoft-identity-web/pull/3663).\n- Update IdentityWeb version, build logic, and validation. 
See [#​3659](https://github.com/AzureAD/microsoft-identity-web/pull/3659).\n\n### New Contributors\n* @​XiaoxinMS2 made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3677\n* @​RyAuld made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3687\n* @​agocke made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3664\n* @​MZOLN made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3700\n* @​christian-posta made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3644\n* @​4gust made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3682\n* @​rayluo made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3714\n\n## 4.4.0-preview.1\n\n### New features\n- Add AOT-compatible web API authentication for .NET 10+. See [#​3705](https://github.com/AzureAD/microsoft-identity-web/pull/3705) and [#​3664](https://github.com/AzureAD/microsoft-identity-web/pull/3664).\n- Propagate long-running web API session key back to callers in user token acquisition. See [#​3728](https://github.com/AzureAD/microsoft-identity-web/pull/3728).\n- Add OBO event initialization for OBO APIs. See [#​3724](https://github.com/AzureAD/microsoft-identity-web/pull/3724).\n- Add support for calling `WithClientClaims` flow for token acquisition. See [#​3623](https://github.com/AzureAD/microsoft-identity-web/pull/3623).\n- Add `OnBeforeTokenAcquisitionForOnBehalfOf` event. See [#​3680](https://github.com/AzureAD/microsoft-identity-web/pull/3680).\n\n### Bug fixes\n- Throw `InvalidOperationException` with actionable message when a custom credential is not registered. See [#​3626](https://github.com/AzureAD/microsoft-identity-web/pull/3626).\n- Fix event firing for `InvokeOnBeforeTokenAcquisitionForOnBehalfOfAsync`. 
See [#​3717](https://github.com/AzureAD/microsoft-identity-web/pull/3717).\n- Update `OnBeforeTokenAcquisitionForOnBehalfOf` to construct `ClaimsPrincipal` from token. See [#​3714](https://github.com/AzureAD/microsoft-identity-web/pull/3714).\n- Add a retry counter for acquire token and updated tests with a fake secret. See [#​3682](https://github.com/AzureAD/microsoft-identity-web/pull/3682).\n- Fix OBO user error handling. See [#​3712](https://github.com/AzureAD/microsoft-identity-web/pull/3712).\n- Fix override merging for app token (and others). See [#​3644](https://github.com/AzureAD/microsoft-identity-web/pull/3644).\n- Fix certificate reload logic to only trigger on certificate-specific errors. See [#​3653](https://github.com/AzureAD/microsoft-identity-web/pull/3653).\n- Update ROPC flow CCA to pass `SendX5C` to MSAL. See [#​3671](https://github.com/AzureAD/microsoft-identity-web/pull/3671).\n\n### Dependencies updates\n- Bump `qs` in `/tests/DevApps/SidecarAdapter/typescript`. See [#​3725](https://github.com/AzureAD/microsoft-identity-web/pull/3725).\n- Downgrade Microsoft.Extensions.Configuration.Binder to 2.1.0 on .NET Framework. See [#​3730](https://github.com/AzureAD/microsoft-identity-web/pull/3730).\n- Update .NET SDK to 10.0.103 to address DOTNET-Security-10.0 vulnerability. See [#​3726](https://github.com/AzureAD/microsoft-identity-web/pull/3726).\n- Upgrade to Microsoft.Identity.Abstractions 11 for AoT compatibility. See [#​3699](https://github.com/AzureAD/microsoft-identity-web/pull/3699).\n- Update to MSAL 4.81.0. See [#​3665](https://github.com/AzureAD/microsoft-identity-web/pull/3665).\n\n### Documentation\n- Add documentation for auto-generated session key for long-running OBO session. See [#​3729](https://github.com/AzureAD/microsoft-identity-web/pull/3729).\n- Improve the Aspire doc article and skills. 
See [#​3695](https://github.com/AzureAD/microsoft-identity-web/pull/3695).\n- Add an article and agent skill to add Entra ID to an Aspire app. See [#​3689](https://github.com/AzureAD/microsoft-identity-web/pull/3689).\n- Fix misleading comment in `CertificatelessOptions.ManagedIdentityClientId`. See [#​3667](https://github.com/AzureAD/microsoft-identity-web/pull/3667).\n- Add Copilot explore tool functionality. See [#​3694](https://github.com/AzureAD/microsoft-identity-web/pull/3694).\n\n### Fundamentals\n- Remove unnecessary warning suppression. See [#​3715](https://github.com/AzureAD/microsoft-identity-web/pull/3715).\n- Migrate labs to Lab.API 2.x (first pass). See [#​3710](https://github.com/AzureAD/microsoft-identity-web/pull/3710).\n- Update Sidecar E2E test constants. See [#​3693](https://github.com/AzureAD/microsoft-identity-web/pull/3693).\n- Fix intermittent failures in `CertificatesObserverTests`. See [#​3687](https://github.com/AzureAD/microsoft-identity-web/pull/3687).\n- Add validation baseline exclusions. See [#​3684](https://github.com/AzureAD/microsoft-identity-web/pull/3684).\n- Add dSTS integration tests. See [#​3677](https://github.com/AzureAD/microsoft-identity-web/pull/3677).\n- Fix FIC test. See [#​3663](https://github.com/AzureAD/microsoft-identity-web/pull/3663).\n- Update IdentityWeb version, build logic, and validation. See [#​3659](https://github.com/AzureAD/microsoft-identity-web/pull/3659).\n\n## 4.3.0\n\n### New features\n- Added token binding (mTLS PoP) scenario for confidential client (app-only) token acquisition and downstream API calls. See [#​3622](https://github.com/AzureAD/microsoft-identity-web/pull/3622).\n\n### Dependencies updates\n- Bumped **qs** from 6.14.0 to 6.14.1 in /tests/DevApps/SidecarAdapter/typescript. 
See [#​3660](https://github.com/AzureAD/microsoft-identity-web/pull/3660).\n\n### Documentation\n- Modernized Identity Web documentation, which can now be found in [docs](https://github.com/AzureAD/microsoft-identity-web/tree/master/docs). See [#​3566](https://github.com/AzureAD/microsoft-identity-web/pull/3566).\n- Added token binding (mTLS PoP) documentation. See [#​3661](https://github.com/AzureAD/microsoft-identity-web/pull/3661).\n\n## 4.2.0\n\n# What's Changed\n\n## New features\n\n- Added CAE claims support for FIC + Managed Identity. See #​3647 for details.\n- Added AddMicrosoftIdentityMessageHandler extension methods for IHttpClientBuilder. See #​3649 for details.\n\n## Bug fixes\n\n\n- Fixed tenant not being propagated in credential FIC acquisition. See #​3633 for details.\n- Fixed ForAgentIdentity hardcoded 'AzureAd' ConfigurationSection to respect AuthenticationOptionsName. See #​3635 for details.\n- Fixed GetTokenAcquirer to propagate MicrosoftEntraApplicationOptions properties. See #​3651 for details.\n- Added meaningful error message when identity configuration is missing. See #​3637 for details.\n\n## Dependencies updates\n\n- Update Microsoft.Identity.Abstractions to version 10.0.0.\n- Bump express from 5.1.0 to 5.2.0 in /tests/DevApps/SidecarAdapter/typescript. #​3636\n- Bump jws from 3.2.2 to 3.2.3 in /tests/DevApps/SidecarAdapter/typescript. #​3641\n\n## Fundamentals\n\n- Update support policy. #​3656\n- Update agent identity coordinates in E2E tests after deauth. #​3640\n- Update E2E agent identity configuration to new tenant. #​3646\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.1.1...4.2.0\n\n## 4.1.1\n\n### Bug fixes\n- Authority-only configuration parsing improvements: Early parsing of Authority into Instance/TenantId and defensive fallback in PrepareAuthorityInstanceForMsal. 
Behavior is backward compatible; Authority is still ignored when Instance/TenantId explicitly provided—now surfaced via a warning. See [#​3612](https://github.com/AzureAD/microsoft-identity-web/issues/3612).\n\n### New features\n- Added warning diagnostics for conflicting Authority vs Instance/TenantId: Emitting a single structured warning when both styles are provided. See [#​3611](https://github.com/AzureAD/microsoft-identity-web/issues/3611).\n\n### Fundamentals\n- Expanded authority test matrix: Coverage for AAD (v1/v2), B2C (/tfp/ normalization, policy path), CIAM (PreserveAuthority), query parameters, scheme-less forms, and conflict scenarios. See [#​3610](https://github.com/AzureAD/microsoft-identity-web/issues/3610).\n\n## 4.1.0\n\n### New features\n- Migrate to .NET 10 GA. [#​3449](https://github.com/AzureAD/microsoft-identity-web/pull/3449) and [#​3590](https://github.com/AzureAD/microsoft-identity-web/pull/3590)\n\n### Dependencies updates\n- Bump MSAL.NET to version [4.79.2](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/releases/tag/4.79.2) and handle changes to deprecated WithExtraQueryParameters APIs. [#​3583](https://github.com/AzureAD/microsoft-identity-web/pull/3583)\n- Update Microsoft.IdentityModel and Abstractions versions. [#​3604](https://github.com/AzureAD/microsoft-identity-web/pull/3604)\n- Update coverlet.collector to 6.0.4. [#​3587](https://github.com/AzureAD/microsoft-identity-web/pull/3587)\n- Update package validation baseline version to 4.0.0. [#​3589](https://github.com/AzureAD/microsoft-identity-web/pull/3589)\n- Bump js-yaml from 4.1.0 to 4.1.1 in /tests/DevApps/SidecarAdapter/typescript. [#​3595](https://github.com/AzureAD/microsoft-identity-web/pull/3595)\n\n### Entra ID SDK sidecar\n- Restrict hosts to localhost for sidecar. [#​3579](https://github.com/AzureAD/microsoft-identity-web/pull/3579)\n- Update http file to match endpoints. 
[#​3555](https://github.com/AzureAD/microsoft-identity-web/pull/3555)\n- Revise sidecar issue template for Entra ID. [#​3577](https://github.com/AzureAD/microsoft-identity-web/pull/3577)\n\n### Documentation\n- Update README to include Entra SDK container info. [#​3578](https://github.com/AzureAD/microsoft-identity-web/pull/3578)\n\n### Fundamentals\n- Include NET 9.0 in template-install-dependencies. [#​3593](https://github.com/AzureAD/microsoft-identity-web/pull/3593)\n- Fix CodeQL alerts. [#​3591](https://github.com/AzureAD/microsoft-identity-web/pull/3591)\n- Suppression file is needed. [#​3592](https://github.com/AzureAD/microsoft-identity-web/pull/3592)\n\n## 4.0.1\n\n## Bug fixes\n* Correctly compute Application Key when credential usage fails.\n* Fix bugs where agent user identities didn't work with non-default authentication schemes.\n\n## Fundamentals\n* Update .NET version to CG compliance \n\n## Sidecar\n* Configure Sidecar to default AllowWebApiToBeAuthorizedByACL to true as the container doesn't do authZ\n\n\n## 4.0.0\n\n4.0.0\n=========\n### Breaking Changes\n**Removed support for .NET 6.0 and .NET 7.0** - Microsoft Identity Web 4.0.0 no longer targets .NET 6.0 and .NET 7.0, following Microsoft's support lifecycle. The supported target frameworks are now .NET 8.0, .NET 9.0, .NET Framework 4.6.2, .NET Framework 4.7.2, and .NET Standard 2.0.\n\nSee [MIGRATION_GUIDE_V4](https://github.com/AzureAD/microsoft-identity-web/blob/master/MIGRATION_GUIDE_V4.md)\n\n\n### New features\n- Various improvements to performance logging, authentication, and credential loading capabilities.\n- Bumped MSAL.NET to 4.77.1\n- Added credential description extensibility. For details, see [#​3487](https://github.com/AzureAD/microsoft-identity-web/pull/3487)\n- Added a new CerticateObserverAction type: SuccessfullyUsed and support for multiple certificate observers for improved certificate lifecycle management and telemetry. 
See [#​3505](https://github.com/AzureAD/microsoft-identity-web/pull/3505)\n- Add specification of OID (in addition to upn) when requesting an authorization header for Agent User Identity. See [#​3513](https://github.com/AzureAD/microsoft-identity-web/pull/3513)\n- Added ClaimsPrincipal and ClaimsIdentity extension methods for agent identity detection in web APIs enabling developers to easily detect agent identities and retrieve parent agent blueprint from token claims. See [#​3515](https://github.com/AzureAD/microsoft-identity-web/pull/3515)\n- Added MicrosoftIdentityMessageHandler for flexible HttpClient authentication. Provides composable alternative to DownstreamApi with per-request authentication configuration. Supports WWW-Authenticate challenge handling. See [#​3503](https://github.com/AzureAD/microsoft-identity-web/pull/3503)\n- Support for multiple certificate observers. See [#​3506](https://github.com/AzureAD/microsoft-identity-web/pull/3506)\n- The Microsoft.Identity.Web.Sidecar will provide a container solution for validation and token acquisition in any-language. See [#​3524](https://github.com/AzureAD/microsoft-identity-web/pull/3524)\n\n### Bug Fixes\n- Fixed TokenAcquirerFactory null reference when AppContext.BaseDirectory is root path. See [#​3443](https://github.com/AzureAD/microsoft-identity-web/pull/3443)\n- Fixed IDW10405 error when using managed identity with common tenant. See [#​3415](https://github.com/AzureAD/microsoft-identity-web/pull/3415)\n- Removed hard dependency on IConfiguration in OidcIdpSignedAssertionLoader. See [#​3414](https://github.com/AzureAD/microsoft-identity-web/pull/3414)\n\n### Fundamentals\n- Various improvements to .NET support and dependency optimizations.\n- Added doc for Agent identities. See [Agent identities](src/Microsoft.Identity.Web.AgentIdentities/README.AgentIdentities.md)\n- Combined and fixed test collections. 
See [#​3472](https://github.com/AzureAD/microsoft-identity-web/pull/3472)\n- Migrate repository agent rules from .clinerules to agents.md. See [#​3475](https://github.com/AzureAD/microsoft-identity-web/pull/3475)\n- Add .NET 6.x setup step to dotnetcore.yml workflow, as the default build agents don't have it any longer. See [#​3489](https://github.com/AzureAD/microsoft-identity-web/pull/3489)\n- Renamed NET 7 tests to ThreadingTests for framework independence. See [#​3501](https://github.com/AzureAD/microsoft-identity-web/pull/3501)\n\n\n## 3.14.1\n\n3.14.1\n=======\n\n## Bug fix\n-  Support client secrets with agent user identities. See [#​3470](https://github.com/AzureAD/microsoft-identity-web/issues/3470) for details.\n\n\n\n3.14.0\n=======\n## New features\n- Support multi-tenant agent user identities. See [#​3461](https://github.com/AzureAD/microsoft-identity-web/issues/3461) for details.\n- Id Web now allows for passing of ExtraBodyParameters. See [#​3463](https://github.com/AzureAD/microsoft-identity-web/issues/3463) for details.\n\n\n## 3.13.1\n\n3.13.1\n=======\n### Dependencies updates\n- Microsoft.IdentityModel updated to version [8.14.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.14.0).\n\n## 3.13.0\n\n3.13.0\n=======\n### Dependencies updates\n- Microsoft.IdentityModel updated to version [8.13.1](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.13.1).\n- Microsoft.Abstractions updated to version [9.3.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/9.3.) and using IAuthenticationSchemeInformationProvider from that library, deprecating the interface of the same name in Microsoft.Identity.Web (introduced in 3.12.0).\n\n### Bug fixes\n- Fixed an issue with instantiation of TokenAcquirerFactory when AppContext.BaseDirectory is root path. 
See PR [#​3443](https://github.com/AzureAD/microsoft-identity-web/pull/3443) for details.\n\n### Fundamentals\n- Use cloud user in tests. See PR [#​3441](https://github.com/AzureAD/microsoft-identity-web/pull/3441) and [#​3442](https://github.com/AzureAD/microsoft-identity-web/pull/3442) for details.\n\n\n## 3.12.0\n\n3.12.0\n=======\n### Dependencies updates\n- Updated MSAL to version 4.74.1 part of [#​3398](https://github.com/AzureAD/microsoft-identity-web/pull/3435).\n\n## Bug fix\nReload certificates for all client credential based issues to solve the issue that when a bad certificate was installed on the machine and picked up, and subsequently rotated, a service restart was needed for the new certificate to be used. See issue [#​3429](https://github.com/AzureAD/microsoft-identity-web/issues/3429) and PR [#​3430](https://github.com/AzureAD/microsoft-identity-web/pull/3430) \n\n## New features\n* Include the thrown exception in CertificateChangeEventArg. See PR [#​3428](https://github.com/AzureAD/microsoft-identity-web/pull/3428) for better supportability.\n* Support for Agent User identities. See PR [#​3435](https://github.com/AzureAD/microsoft-identity-web/pull/3435)\n\n\n\n\n## 3.11.0\n\n3.11.0\n=======\n### Dependencies updates\n- Updated `global.json` to the latest .NET 9 runtime framework 9.0.108. See PR [#​3422](https://github.com/AzureAD/microsoft-identity-web/pull/3422) for details.\n\n### Bug fixes\n- Fix `IDW10405` error when using managed identity with common tenant. See PR [#​3415](https://github.com/AzureAD/microsoft-identity-web/pull/3415) for details.\n- Fix `OidcIdpSignedAssertionLoader` to remove hard dependency on IConfiguration registration. See PR [#​3414](https://github.com/AzureAD/microsoft-identity-web/pull/3414) for details.\n\n### New feature\n- Add support for `ExtraHeaderParameters` and `ExtraQueryParameters` properties on `DownstreamApiOptions` to simplify adding custom headers and query parameters to downstream API requests. 
See PR [#​3413](https://github.com/AzureAD/microsoft-identity-web/pull/3413) for details.\n- Add better support for Azure SDK. For details see [Readme-Azure](./src/Microsoft.Identity.Web.Azure/README-Azure.md) and PR [#​3416](https://github.com/AzureAD/microsoft-identity-web/pull/3416)\n\n## What's Changed\n* Update Abstractions version and the public API files after 3.10.0 release by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3407\n* Update Directory.Build.props by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3404\n* Fix IDW10405 error when using managed identity with common tenant by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3415\n* Add ExtraHeaderParameters and ExtraQueryParameters support to DownstreamApi by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3413\n* Fix OidcIdpSignedAssertionLoader to remove hard dependency on IConfiguration registration by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3414\n* Update global.json by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3422\n* Improved experience for Azure SDKs with Microsoft Identity Platform authentication by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3416\n* Update 3.11 changelog by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3423\n* update test certs by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3424\n\n## New Contributors\n* @​Copilot made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3415\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.10.0...3.11.0\n\n## 3.10.0\n\n3.10.0\n=======\n### Dependencies updates\n- Updated MSAL to version 4.73.1 ([#​3398](https://github.com/AzureAD/microsoft-identity-web/pull/3398)).\n- Updated `global.json` to the latest .NET 9 runtime framework 9.0.107 
([#​3385](https://github.com/AzureAD/microsoft-identity-web/pull/3385)).\n\n### New feature\n- Added support for Agent Identities ([#​3396](https://github.com/AzureAD/microsoft-identity-web/issues/3396), [#​3402](https://github.com/AzureAD/microsoft-identity-web/pull/3402)).  \n  introducing the `Microsoft.Identity.Web.AgentIdentities` package .\n\n### Bug fixes\n- Processed codeQL issues\n\n### Fundamentals\n- improved unit tests for OidcFic with the new SignedAssertionFmiPath\n\n## 3.9.4\n\n3.9.4\n=======\n### Package updates\n- Microsoft.IdentityModel updated to version [8.12.1](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.12.1).\n\n### Bug fix\n- Updates the `DefaultAuthorizationHeaderProvider` to update the `AcquireTokenOptions.LongRunningWebApiSessionKey` after the token is acquired so that the key can be used in the next OBO call. See PR [#​3381](https://github.com/AzureAD/microsoft-identity-web/pull/3381) for details.\n\n### Fundamentals\n- Update .NET SDK version to 9.0.107 used when building or running the code. See [#​3385](https://github.com/AzureAD/microsoft-identity-web/pull/3385) for details.\n- Improved test coverage for managed identity flows. 
See [#​3350](https://github.com/AzureAD/microsoft-identity-web/pull/3350) for details.\n\n## What's Changed\n* Add Claims and Capability Support to Managed Identity Flows by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3350\n* Adding fix for OBO cache key error in long running OBO with DefaultAuthorizationHeaderProvider by @​trwalke in https://github.com/AzureAD/microsoft-identity-web/pull/3381\n* Update global.json by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3385\n* changelog 3.9.4 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3386\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.9.3...3.9.4\n\n## 3.9.3\n\n3.9.3\n=======\n### Package updates\n- Microsoft.IdentityModel updated to version [8.12.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.12.0).\n\n### Fundamentals\n- Add `.clinerules` to help with AI tooling.\n- **Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0**  Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added).  
For details see [#​3379](https://github.com/AzureAD/microsoft-identity-web/pull/3379)\n\n## What's Changed\n* Update M.IM 8.11 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3373\n* add ai assist rules by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3376\n* Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3379\n* changelog 3.9.3 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3380\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.9.2...3.9.3\n\n## 3.9.2\n\n3.9.2\n=======\n### Package updates\n- Microsoft.IdentityModel updated to version [8.11.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.11.0).\n- MSAL.NET updated to version [MSAL.NET 4.72.1](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/tag/4.72.1).\n\n### Fundamentals:\n- Fix invalid comparisons in prop and csproj files. For details see [#​3297](https://github.com/AzureAD/microsoft-identity-web/pull/3297).\n\n## What's Changed\n* Release notes and cleanup by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3367\n* Remove invalid comparisons by @​keegan-caruso in https://github.com/AzureAD/microsoft-identity-web/pull/3368\n* update to MSAL 4.72.1 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3369\n* update 3.9.2 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3372\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.9.1...3.9.2\n\n## 3.9.1\n\n3.9.1\n========\n### Package updates\n- Microsoft.Identity.Abstractions updated to version [9.1.0](https://github.com/AzureAD/azure-identity-abstractions/releases/tag/9.1.0).\n\n### Fundamentals\n- Fix AoT warnings. 
For details see [#​3366](https://github.com/AzureAD/microsoft-identity-web/pull/3366).\n\n## What's Changed\n* Fix AoT warnings (and update to Abstractions 9.1.0) by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3366\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.9.0...3.9.1\n\n## 3.9.0\n\n3.9.0\n========\n### Package updates\n- Microsoft.IdentityModel updated to version [8.10.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.10.0).\n- MSAL.NET updated to version [MSAL.NET 4.72.0](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/tag/4.72.0).\n\n### Bug fixes\n- Fixed issue where RequiredScopeOrAppPermission extension method didn’t work with Minimal APIs. See [#​3323](https://github.com/AzureAD/microsoft-identity-web/issues/3323).\n- Resolved IL warnings from AddDownstreamApis in NativeAOT projects. See [#​3355](https://github.com/AzureAD/microsoft-identity-web/issues/3360).\n- Ensured AcquireTokenForConfidentialClient correctly passes MSAL exceptions. See [#​3345](https://github.com/AzureAD/microsoft-identity-web/issues/3345).\n- Prevented null reference when accessing MergedOptions instance. See [#​3337](https://github.com/AzureAD/microsoft-identity-web/issues/3337).\n\n### New feature\n - Added optional login_hint and domain_hint support to AccountController.SignIn endpoint. See [#​3244](https://github.com/AzureAD/microsoft-identity-web/issues/3244) and [#​3348](https://github.com/AzureAD/microsoft-identity-web/pull/3348/files).\n\n### Fundamentals\n- Introduced Long-Term Support (LTS) policy. See [#​3357](https://github.com/AzureAD/microsoft-identity-web/commit/b6ff65bb4f49289c914100c3a382fa16da2b5508).\n- Added tests to validate xms_cc (client capability) forwarding in CCA flows. 
See [#​3349](https://github.com/AzureAD/microsoft-identity-web/issues/3349).\n\n### External contributions\nThank you @​evan-buss for your contribution and fixing the issue where RequiredScopeOrAppPermission extension method didn’t work with Minimal APIs. See [#​3323](https://github.com/AzureAD/microsoft-identity-web/issues/3323).\nThank you @​neha-bhargava for your contribution and ensuring AcquireTokenForConfidentialClient correctly passes MSAL exceptions. See [#​3345](https://github.com/AzureAD/microsoft-identity-web/issues/3345).\n\n## 3.8.4\n\n3.8.4\n========\n### Package updates\n- Microsoft.IdentityModel updated to version [8.8.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.8.0).\n- MSAL.NET updated to version [MSAL.NET 4.71.0](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/tag/4.71.0).\n\n### Bug fixes\n- Fixed the issue where FmiPath was not persisted when copying/reinitializing AcquireTokenOptions. See [#​3336](https://github.com/AzureAD/microsoft-identity-web/issues/3336).\n\n### New feature\n- Added support for Linux-friendly devcontainers. See [#​3333](https://github.com/AzureAD/microsoft-identity-web/issues/3333) and [#​3339](https://github.com/AzureAD/microsoft-identity-web/pull/3339).\n\n### Fundamentals\n- Removed System.Text.Json as an explicit dependency for .NET Core targets. See [#​3331](https://github.com/AzureAD/microsoft-identity-web/issues/3331).\n\n## 3.8.3\n\n3.8.3\n========\n### Package updates\n- Updated to Microsoft.IdentityModel.* [8.8.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.8.0)\n- Updated to [MSAL.NET 4.70.1](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/tag/4.70.1)\n  \n### New feature\n- `TokenAcquistion.cs` adds its service provider to the acquisition options. 
See issue [#​3315](https://github.com/AzureAD/microsoft-identity-web/issues/3315) for details.\n\n\n## 3.8.2\n\n3.8.2\n========\n- Updated to Microsoft.Identity.Abstractions [9.0.0](https://github.com/AzureAD/microsoft-identity-abstractions-for-dotnet/releases/tag/9.0.0)\n\n### New feature\n- An exception is now thrown if MSAL `TokenCacheNotificationArgs` indicates that distributed cache is configured when it should not have been. See [#​3304](https://github.com/AzureAD/microsoft-identity-web/issues/3304).\n- Added support for federated identity credentials with AT_POP. See [#​3299](https://github.com/AzureAD/microsoft-identity-web/pull/3299).\n\n## 3.8.1\n\n### New features\n- Updated to Microsoft.IdentityModel.* [8.7.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.7.0)\n\n### Bug fixes\n- Pins Microsoft.Extensions.Http dependency version to 3.1.3 for .NET Framework and .NET Standard and uses inbox version for .NET Core. See [#​3145](https://github.com/AzureAD/microsoft-identity-web/issues/3145).\n\n## What's Changed\n* Post release cleanup by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3291\n* update MIM by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3292\n* Updates CodeQL.yaml to exclude test files by @​sruke in https://github.com/AzureAD/microsoft-identity-web/pull/3294\n* Make Microsoft.Extensions.Http dependency framework friendly by @​ksaaf in https://github.com/AzureAD/microsoft-identity-web/pull/3296\n* Update to IdentityModel 8.7.0 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3307\n\n## New Contributors\n* @​ksaaf made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3296\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.8.0...3.8.1\n\n## 3.8.0\n\n3.8.0\n========\n### New feature\n- Updated to Microsoft.IdentityModel.* 
[8.6.1](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.6.1)\n- Updated to [MSAL.NET](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet) 4.69.1\n- Updated the Json Schema to include extensibility for signed assertion providers. See [#​3235](https://github.com/AzureAD/microsoft-identity-web/pull/3235)\n- Added support for Federation Identity Credential on any OIDC Idp (FIC+OIDC credential provider). See [#​3255](https://github.com/AzureAD/microsoft-identity-web/pull/3255)\n- Support for acquiring token for Federation Managed Identity (FMI). Supports the `FmiPath` property of `AcquireTokenOptions`. See [#​3247](https://github.com/AzureAD/microsoft-identity-web/issues/3247)\n- Downstream APIs now support Authorization headers with a custom SAML bearer syntax. See [#​3273](https://github.com/AzureAD/microsoft-identity-web/pull/3273)\n\n## Bug fixes\n- TokenAcquirerFactory is now thread safe. See [#​3274](https://github.com/AzureAD/microsoft-identity-web/pull/3274)\n- Fix a bug in the parsing of the token in the authority. See [#​3261](https://github.com/AzureAD/microsoft-identity-web/pull/3261)\n\n## Fundamentals\n- Removed old Blazorwasm sample, wasm-tools and added new blazor web API: [#​3259](https://github.com/AzureAD/microsoft-identity-web/pull/3259), [#​3257](https://github.com/AzureAD/microsoft-identity-web/pull/3257), [#​3254](https://github.com/AzureAD/microsoft-identity-web/pull/3254)\n- Modified the build so that, in CI/CD internal builds, the NuGet.org NuGet source is replaced by a managed Nuget source. More verbose information added. See [#​3263](https://github.com/AzureAD/microsoft-identity-web/pull/3263)\n- Fixed CS8602 Warnings in Weather.razor (BlazorApp) – Handle Nullable forecasts and user.Identity. 
See [#​3266](https://github.com/AzureAD/microsoft-identity-web/pull/3266),\n\n## What's Changed\n* Update changelog.md by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3246\n* Lozensky/add fmi path by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3247\n* Lozensky/perf fix graph service client by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3251\n* M.IM 8.6.0 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3252\n* Jennyf/blazor prototype by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3254\n* remove old blazor apps by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3257\n* Remove step for installing wasm-tools in the build by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3259\n* Fix for Remove NuGet Source steps (now with enhanced logging) by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3263\n* Add CustomSignedAssertion to Credentials.json by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3235\n* Fix CS8602 Warnings in Weather.razor (BlazorApp) – Handle Nullable forecasts and user.Identity by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3266\n* Add Support for Custom Saml Bearer in HttpRequest Headers by @​sthanu98 in https://github.com/AzureAD/microsoft-identity-web/pull/3273\n* comment out the code coverage by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3279\n* update msal to 4.69.1 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3281\n* FIC+OIDC credential provider by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3255\n* Update the IdWeb version number by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3280\n* Locking Down the TokenAcquirerFactory by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3274\n* 
Fix authority parsing logic by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3261\n* Update changelog.md for Id.web 3.8.0 by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3285\n\n## New Contributors\n* @​sthanu98 made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3273\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.7.1...3.8.0\n\n## 3.7.1\n\n3.7.1\n========\n- Updated to Microsoft.IdentityModel.* [8.5.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.5.0)\n\n## 3.7.0\n\n3.7.0\n========\n- Updated to Microsoft.Identity.Abstractions [8.1.0](https://github.com/AzureAD/microsoft-identity-abstractions-for-dotnet/releases/tag/8.1.0)\n- Updated to Microsoft.IdentityModel.* [8.4.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.4.0)\n\n### New Feature\n- IdentityWeb now provides extensibility to `DefaultCredentialsLoader` so that partner teams, or an SDK on top of IdWeb, can bring their own credential providers. See [#​3220](https://github.com/AzureAD/microsoft-identity-web/issues/3220) for details.\n\n## Bug fixes\n- The merged options are now being passed to MSAL for the CCA ROPC scenario. 
See [#​3207](https://github.com/AzureAD/microsoft-identity-web/issues/3207) for details.\n\n## What's Changed\n* changelog update by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3216\n* Pass the assertion options to MSAL for ROPC call by @​neha-bhargava in https://github.com/AzureAD/microsoft-identity-web/pull/3217\n* Update global.json to 9.0.102 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3222\n* Bump the notsecurity group with 3 updates by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3219\n* update abstractions to 8.1.0 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3224\n* update benchmark by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3229\n* Adding Extensibility for Custom Signed Assertion Providers by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3226\n* Update changelog.md 3.7.0 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3233\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.6.2...3.7.0\n\nCommits viewable in [compare view](https://github.com/AzureAD/microsoft-identity-web/compare/3.6.2...4.8.0).\n\u003c/details\u003e\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Microsoft.Identity.Web\u0026package-manager=nuget\u0026previous-version=3.6.2\u0026new-version=4.8.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/Azure-Samples/active-directory-dotnetcore-daemon-v2/pull/215","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Azure-Samples%2Factive-directory-dotnetcore-daemon-v2/issues/215","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/215/packages"},{"uuid":"4300388918","node_id":"PR_kwDOKPjTy87UL4x2","number":122,"state":"closed","title":"Bump Microsoft.Identity.Web from 2.15.3 to 
4.8.0","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-04T05:25:43.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-21T05:03:06.000Z","updated_at":"2026-05-04T05:25:45.000Z","time_to_close":1124557,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.Identity.Web","old_version":"2.15.3","new_version":"4.8.0","repository_url":"https://github.com/AzureAD/microsoft-identity-web"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web) from 2.15.3 to 4.8.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.Identity.Web's releases](https://github.com/AzureAD/microsoft-identity-web/releases)._\n\n## 4.8.0\n\n## What's Changed\n* Bump flatted from 3.3.3 to 3.4.2 in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3753\n* Update changelog.md for ID.Web 4.6.0 by @​bgavrilMS in https://github.com/AzureAD/microsoft-identity-web/pull/3756\n* Add token binding to MicrosoftIdentityMessageHandler by @​cpp11nullptr in https://github.com/AzureAD/microsoft-identity-web/pull/3743\n* Bump picomatch in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3759\n* Documentation: Clarify managed identity credential types for containerized vs. 
VM/App Service deployments by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3585\n* Bump path-to-regexp from 8.3.0 to 8.4.0 in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3762\n* Upgrade Microsoft Application Insights packages by @​RojaEnnam in https://github.com/AzureAD/microsoft-identity-web/pull/3763\n* Use Abstractions 12 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3761\n* Post-4.7.0 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3768\n* Fix Comp Gov DOTNET-Security-10.0 by @​reginayap8 in https://github.com/AzureAD/microsoft-identity-web/pull/3769\n* Upgrade CodeQL to V4: Fix 10 CodeQL Analysis Warnings and Errors by @​reginayap8 in https://github.com/AzureAD/microsoft-identity-web/pull/3770\n* fix warnings by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3771\n* adding examples for using postgres as a distributed cache by @​JaredMSFT in https://github.com/AzureAD/microsoft-identity-web/pull/3766\n* Suppress AOT configuration-binding SYSLIB warnings in AotCompatibility test app by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3774\n* Bump vite from 7.1.11 to 7.3.2 in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3772\n* Skip legacy B2C local-account Todo UI test in WebAppUiTests by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3778\n* Fix initialization of ConfidentialClientApplicationOptions in MergedOptions by @​cpp11nullptr in https://github.com/AzureAD/microsoft-identity-web/pull/3760\n* Bump net8/net9/net10 runtime package baselines to patched crypto servicing versions by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3779\n* Fix flaky certificate test failures on CI by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3780\n* MTLS 
Without Tokens Support by @​tlupes in https://github.com/AzureAD/microsoft-identity-web/pull/3747\n* Fix CredentialsProvider DI lifetime mismatch causing startup crash in Development by @​Avery-Dunn in https://github.com/AzureAD/microsoft-identity-web/pull/3783\n* Remove unused DataProtection configuration from Sidecar by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3776\n\n## New Contributors\n* @​RojaEnnam made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3763\n* @​reginayap8 made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3769\n* @​JaredMSFT made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3766\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.6.0...4.8.0\n\n## 4.7.0\n\n## 4.7.0\n\n### Bug fixes\n- Updates to Microsoft.Identity.Abstractions 12.0.0 to revert breaking changes introduced in Abstractions 11.0.0. (On .NET 10 target, `Certificate` extension method in `CredentialDescription` was reverted to normal property.) 
See [#​3767](https://github.com/AzureAD/microsoft-identity-web/pull/3767).\n\n## 4.6.0\n\n## What's Changed\n\n* Move boilerplate code skills to IdWeb, and add Aspire DevApp demonstrating Blazor authentication components by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3721\n* Bump MSAL to 4.83.1 and re-enable Managed Identity CAE tests by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3746\n* Bump Abstractions to 11.2 by @​bgavrilMS in https://github.com/AzureAD/microsoft-identity-web/pull/3749\n* Update documentation to reference Blazor helpers from Microsoft.Identity.Web package by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3723\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.5.0...4.6.0\n\n## 4.5.0\n\n### New features\n- Add support for certificate store lookup by subject name. See [#​3742](https://github.com/AzureAD/microsoft-identity-web/pull/3742).\n\n### Dependencies updates\n- Bump minimatch in /tests/DevApps/SidecarAdapter/typescript. See [#​3739](https://github.com/AzureAD/microsoft-identity-web/pull/3739).\n- Bump rollup from 4.52.3 to 4.59.0 in /tests/DevApps/SidecarAdapter/typescript. See [#​3740](https://github.com/AzureAD/microsoft-identity-web/pull/3740).\n\n## 4.4.0\n\n### New features\n- Add AOT-compatible web API authentication for .NET 10+. See [#​3705](https://github.com/AzureAD/microsoft-identity-web/pull/3705) and [#​3664](https://github.com/AzureAD/microsoft-identity-web/pull/3664).\n- Propagate long-running web API session key back to callers in user token acquisition. See [#​3728](https://github.com/AzureAD/microsoft-identity-web/pull/3728).\n- Add OBO event initialization for OBO APIs. See [#​3724](https://github.com/AzureAD/microsoft-identity-web/pull/3724).\n- Add support for calling `WithClientClaims` flow for token acquisition. 
See [#​3623](https://github.com/AzureAD/microsoft-identity-web/pull/3623).\n- Add `OnBeforeTokenAcquisitionForOnBehalfOf` event. See [#​3680](https://github.com/AzureAD/microsoft-identity-web/pull/3680).\n\n### Bug fixes\n- Throw `InvalidOperationException` with actionable message when a custom credential is not registered. See [#​3626](https://github.com/AzureAD/microsoft-identity-web/pull/3626).\n- Fix event firing for `InvokeOnBeforeTokenAcquisitionForOnBehalfOfAsync`. See [#​3717](https://github.com/AzureAD/microsoft-identity-web/pull/3717).\n- Update `OnBeforeTokenAcquisitionForOnBehalfOf` to construct `ClaimsPrincipal` from token. See [#​3714](https://github.com/AzureAD/microsoft-identity-web/pull/3714).\n- Add a retry counter for acquire token and updated tests with a fake secret. See [#​3682](https://github.com/AzureAD/microsoft-identity-web/pull/3682).\n- Fix OBO user error handling. See [#​3712](https://github.com/AzureAD/microsoft-identity-web/pull/3712).\n- Fix override merging for app token (and others). See [#​3644](https://github.com/AzureAD/microsoft-identity-web/pull/3644).\n- Fix certificate reload logic to only trigger on certificate-specific errors. See [#​3653](https://github.com/AzureAD/microsoft-identity-web/pull/3653).\n- Update ROPC flow CCA to pass `SendX5C` to MSAL. See [#​3671](https://github.com/AzureAD/microsoft-identity-web/pull/3671).\n\n### Dependencies updates\n- Bump `qs` in `/tests/DevApps/SidecarAdapter/typescript`. See [#​3725](https://github.com/AzureAD/microsoft-identity-web/pull/3725).\n- Downgrade Microsoft.Extensions.Configuration.Binder to 2.1.0 on .NET Framework. See [#​3730](https://github.com/AzureAD/microsoft-identity-web/pull/3730).\n- Update .NET SDK to 10.0.103 to address DOTNET-Security-10.0 vulnerability. See [#​3726](https://github.com/AzureAD/microsoft-identity-web/pull/3726).\n- Upgrade to Microsoft.Identity.Abstractions 11 for AoT compatibility. 
See [#​3699](https://github.com/AzureAD/microsoft-identity-web/pull/3699).\n- Update to MSAL 4.81.0. See [#​3665](https://github.com/AzureAD/microsoft-identity-web/pull/3665).\n\n### Documentation\n- Add documentation for auto-generated session key for long-running OBO session. See [#​3729](https://github.com/AzureAD/microsoft-identity-web/pull/3729).\n- Improve the Aspire doc article and skills. See [#​3695](https://github.com/AzureAD/microsoft-identity-web/pull/3695).\n- Add an article and agent skill to add Entra ID to an Aspire app. See [#​3689](https://github.com/AzureAD/microsoft-identity-web/pull/3689).\n- Fix misleading comment in `CertificatelessOptions.ManagedIdentityClientId`. See [#​3667](https://github.com/AzureAD/microsoft-identity-web/pull/3667).\n- Add Copilot explore tool functionality. See [#​3694](https://github.com/AzureAD/microsoft-identity-web/pull/3694).\n\n### Fundamentals\n- Remove unnecessary warning suppression. See [#​3715](https://github.com/AzureAD/microsoft-identity-web/pull/3715).\n- Migrate labs to Lab.API 2.x (first pass). See [#​3710](https://github.com/AzureAD/microsoft-identity-web/pull/3710).\n- Update Sidecar E2E test constants. See [#​3693](https://github.com/AzureAD/microsoft-identity-web/pull/3693).\n- Fix intermittent failures in `CertificatesObserverTests`. See [#​3687](https://github.com/AzureAD/microsoft-identity-web/pull/3687).\n- Add validation baseline exclusions. See [#​3684](https://github.com/AzureAD/microsoft-identity-web/pull/3684).\n- Add dSTS integration tests. See [#​3677](https://github.com/AzureAD/microsoft-identity-web/pull/3677).\n- Fix FIC test. See [#​3663](https://github.com/AzureAD/microsoft-identity-web/pull/3663).\n- Update IdentityWeb version, build logic, and validation. 
See [#​3659](https://github.com/AzureAD/microsoft-identity-web/pull/3659).\n\n### New Contributors\n* @​XiaoxinMS2 made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3677\n* @​RyAuld made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3687\n* @​agocke made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3664\n* @​MZOLN made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3700\n* @​christian-posta made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3644\n* @​4gust made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3682\n* @​rayluo made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3714\n\n## 4.4.0-preview.1\n\n### New features\n- Add AOT-compatible web API authentication for .NET 10+. See [#​3705](https://github.com/AzureAD/microsoft-identity-web/pull/3705) and [#​3664](https://github.com/AzureAD/microsoft-identity-web/pull/3664).\n- Propagate long-running web API session key back to callers in user token acquisition. See [#​3728](https://github.com/AzureAD/microsoft-identity-web/pull/3728).\n- Add OBO event initialization for OBO APIs. See [#​3724](https://github.com/AzureAD/microsoft-identity-web/pull/3724).\n- Add support for calling `WithClientClaims` flow for token acquisition. See [#​3623](https://github.com/AzureAD/microsoft-identity-web/pull/3623).\n- Add `OnBeforeTokenAcquisitionForOnBehalfOf` event. See [#​3680](https://github.com/AzureAD/microsoft-identity-web/pull/3680).\n\n### Bug fixes\n- Throw `InvalidOperationException` with actionable message when a custom credential is not registered. See [#​3626](https://github.com/AzureAD/microsoft-identity-web/pull/3626).\n- Fix event firing for `InvokeOnBeforeTokenAcquisitionForOnBehalfOfAsync`. 
See [#​3717](https://github.com/AzureAD/microsoft-identity-web/pull/3717).\n- Update `OnBeforeTokenAcquisitionForOnBehalfOf` to construct `ClaimsPrincipal` from token. See [#​3714](https://github.com/AzureAD/microsoft-identity-web/pull/3714).\n- Add a retry counter for acquire token and updated tests with a fake secret. See [#​3682](https://github.com/AzureAD/microsoft-identity-web/pull/3682).\n- Fix OBO user error handling. See [#​3712](https://github.com/AzureAD/microsoft-identity-web/pull/3712).\n- Fix override merging for app token (and others). See [#​3644](https://github.com/AzureAD/microsoft-identity-web/pull/3644).\n- Fix certificate reload logic to only trigger on certificate-specific errors. See [#​3653](https://github.com/AzureAD/microsoft-identity-web/pull/3653).\n- Update ROPC flow CCA to pass `SendX5C` to MSAL. See [#​3671](https://github.com/AzureAD/microsoft-identity-web/pull/3671).\n\n### Dependencies updates\n- Bump `qs` in `/tests/DevApps/SidecarAdapter/typescript`. See [#​3725](https://github.com/AzureAD/microsoft-identity-web/pull/3725).\n- Downgrade Microsoft.Extensions.Configuration.Binder to 2.1.0 on .NET Framework. See [#​3730](https://github.com/AzureAD/microsoft-identity-web/pull/3730).\n- Update .NET SDK to 10.0.103 to address DOTNET-Security-10.0 vulnerability. See [#​3726](https://github.com/AzureAD/microsoft-identity-web/pull/3726).\n- Upgrade to Microsoft.Identity.Abstractions 11 for AoT compatibility. See [#​3699](https://github.com/AzureAD/microsoft-identity-web/pull/3699).\n- Update to MSAL 4.81.0. See [#​3665](https://github.com/AzureAD/microsoft-identity-web/pull/3665).\n\n### Documentation\n- Add documentation for auto-generated session key for long-running OBO session. See [#​3729](https://github.com/AzureAD/microsoft-identity-web/pull/3729).\n- Improve the Aspire doc article and skills. 
See [#​3695](https://github.com/AzureAD/microsoft-identity-web/pull/3695).\n- Add an article and agent skill to add Entra ID to an Aspire app. See [#​3689](https://github.com/AzureAD/microsoft-identity-web/pull/3689).\n- Fix misleading comment in `CertificatelessOptions.ManagedIdentityClientId`. See [#​3667](https://github.com/AzureAD/microsoft-identity-web/pull/3667).\n- Add Copilot explore tool functionality. See [#​3694](https://github.com/AzureAD/microsoft-identity-web/pull/3694).\n\n### Fundamentals\n- Remove unnecessary warning suppression. See [#​3715](https://github.com/AzureAD/microsoft-identity-web/pull/3715).\n- Migrate labs to Lab.API 2.x (first pass). See [#​3710](https://github.com/AzureAD/microsoft-identity-web/pull/3710).\n- Update Sidecar E2E test constants. See [#​3693](https://github.com/AzureAD/microsoft-identity-web/pull/3693).\n- Fix intermittent failures in `CertificatesObserverTests`. See [#​3687](https://github.com/AzureAD/microsoft-identity-web/pull/3687).\n- Add validation baseline exclusions. See [#​3684](https://github.com/AzureAD/microsoft-identity-web/pull/3684).\n- Add dSTS integration tests. See [#​3677](https://github.com/AzureAD/microsoft-identity-web/pull/3677).\n- Fix FIC test. See [#​3663](https://github.com/AzureAD/microsoft-identity-web/pull/3663).\n- Update IdentityWeb version, build logic, and validation. See [#​3659](https://github.com/AzureAD/microsoft-identity-web/pull/3659).\n\n## 4.3.0\n\n### New features\n- Added token binding (mTLS PoP) scenario for confidential client (app-only) token acquisition and downstream API calls. See [#​3622](https://github.com/AzureAD/microsoft-identity-web/pull/3622).\n\n### Dependencies updates\n- Bumped **qs** from 6.14.0 to 6.14.1 in /tests/DevApps/SidecarAdapter/typescript. 
See [#​3660](https://github.com/AzureAD/microsoft-identity-web/pull/3660).\n\n### Documentation\n- Modernized Identity Web documentation, which can now be found in [docs](https://github.com/AzureAD/microsoft-identity-web/tree/master/docs). See [#​3566](https://github.com/AzureAD/microsoft-identity-web/pull/3566).\n- Added token binding (mTLS PoP) documentation. See [#​3661](https://github.com/AzureAD/microsoft-identity-web/pull/3661).\n\n## 4.2.0\n\n# What's Changed\n\n## New features\n\n- Added CAE claims support for FIC + Managed Identity. See #​3647 for details.\n- Added AddMicrosoftIdentityMessageHandler extension methods for IHttpClientBuilder. See #​3649 for details.\n\n## Bug fixes\n\n\n- Fixed tenant not being propagated in credential FIC acquisition. See #​3633 for details.\n- Fixed ForAgentIdentity hardcoded 'AzureAd' ConfigurationSection to respect AuthenticationOptionsName. See #​3635 for details.\n- Fixed GetTokenAcquirer to propagate MicrosoftEntraApplicationOptions properties. See #​3651 for details.\n- Added meaningful error message when identity configuration is missing. See #​3637 for details.\n\n## Dependencies updates\n\n- Update Microsoft.Identity.Abstractions to version 10.0.0.\n- Bump express from 5.1.0 to 5.2.0 in /tests/DevApps/SidecarAdapter/typescript. #​3636\n- Bump jws from 3.2.2 to 3.2.3 in /tests/DevApps/SidecarAdapter/typescript. #​3641\n\n## Fundamentals\n\n- Update support policy. #​3656\n- Update agent identity coordinates in E2E tests after deauth. #​3640\n- Update E2E agent identity configuration to new tenant. #​3646\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.1.1...4.2.0\n\n## 4.1.1\n\n### Bug fixes\n- Authority-only configuration parsing improvements: Early parsing of Authority into Instance/TenantId and defensive fallback in PrepareAuthorityInstanceForMsal. 
Behavior is backward compatible; Authority is still ignored when Instance/TenantId explicitly provided—now surfaced via a warning. See [#​3612](https://github.com/AzureAD/microsoft-identity-web/issues/3612).\n\n### New features\n- Added warning diagnostics for conflicting Authority vs Instance/TenantId: Emitting a single structured warning when both styles are provided. See [#​3611](https://github.com/AzureAD/microsoft-identity-web/issues/3611).\n\n### Fundamentals\n- Expanded authority test matrix: Coverage for AAD (v1/v2), B2C (/tfp/ normalization, policy path), CIAM (PreserveAuthority), query parameters, scheme-less forms, and conflict scenarios. See [#​3610](https://github.com/AzureAD/microsoft-identity-web/issues/3610).\n\n## 4.1.0\n\n### New features\n- Migrate to .NET 10 GA. [#​3449](https://github.com/AzureAD/microsoft-identity-web/pull/3449) and [#​3590](https://github.com/AzureAD/microsoft-identity-web/pull/3590)\n\n### Dependencies updates\n- Bump MSAL.NET to version [4.79.2](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/releases/tag/4.79.2) and handle changes to deprecated WithExtraQueryParameters APIs. [#​3583](https://github.com/AzureAD/microsoft-identity-web/pull/3583)\n- Update Microsoft.IdentityModel and Abstractions versions. [#​3604](https://github.com/AzureAD/microsoft-identity-web/pull/3604)\n- Update coverlet.collector to 6.0.4. [#​3587](https://github.com/AzureAD/microsoft-identity-web/pull/3587)\n- Update package validation baseline version to 4.0.0. [#​3589](https://github.com/AzureAD/microsoft-identity-web/pull/3589)\n- Bump js-yaml from 4.1.0 to 4.1.1 in /tests/DevApps/SidecarAdapter/typescript. [#​3595](https://github.com/AzureAD/microsoft-identity-web/pull/3595)\n\n### Entra ID SDK sidecar\n- Restrict hosts to localhost for sidecar. [#​3579](https://github.com/AzureAD/microsoft-identity-web/pull/3579)\n- Update http file to match endpoints. 
[#​3555](https://github.com/AzureAD/microsoft-identity-web/pull/3555)\n- Revise sidecar issue template for Entra ID. [#​3577](https://github.com/AzureAD/microsoft-identity-web/pull/3577)\n\n### Documentation\n- Update README to include Entra SDK container info. [#​3578](https://github.com/AzureAD/microsoft-identity-web/pull/3578)\n\n### Fundamentals\n- Include NET 9.0 in template-install-dependencies. [#​3593](https://github.com/AzureAD/microsoft-identity-web/pull/3593)\n- Fix CodeQL alerts. [#​3591](https://github.com/AzureAD/microsoft-identity-web/pull/3591)\n- Suppression file is needed. [#​3592](https://github.com/AzureAD/microsoft-identity-web/pull/3592)\n\n## 4.0.1\n\n## Bug fixes\n* Correctly compute Application Key when credential usage fails.\n* Fix bugs where agent user identities didn't work with non-default authentication schemes.\n\n## Fundamentals\n* Update .net version to CG compliance \n\n## Sidecar\n* Configure Sidecar to default AllowWebApiToBeAuthorizedByACL to true as the container doesn't do authZ\n\n\n## 4.0.0\n\n4.0.0\n=========\n### Breaking Changes\n**Removed support for .NET 6.0 and .NET 7.0** - Microsoft Identity Web 4.0.0 no longer targets .NET 6.0 and .NET 7.0, following Microsoft's support lifecycle. The supported target frameworks are now .NET 8.0, .NET 9.0, .NET Framework 4.6.2, .NET Framework 4.7.2, and .NET Standard 2.0.\n\nSee [MIGRATION_GUIDE_V4](https://github.com/AzureAD/microsoft-identity-web/blob/master/MIGRATION_GUIDE_V4.md)\n\n\n### New features\n- Various improvements to performance logging, authentication, and credential loading capabilities.\n- Bumped MSAL.NET to 4.77.1\n- Added credential description extensibility. For details, see [#​3487](https://github.com/AzureAD/microsoft-identity-web/pull/3487)\n- Added a new CerticateObserverAction type: SuccessfullyUsed and support for multiple certificate observers for improved certificate lifecycle management and telemetry. 
See [#​3505](https://github.com/AzureAD/microsoft-identity-web/pull/3505)\n- Add specification of OID (in addition to upn) when requesting an authorization header for Agent User Identity. See [#​3513](https://github.com/AzureAD/microsoft-identity-web/pull/3513)\n- Added ClaimsPrincipal and ClaimsIdentity extension methods for agent identity detection in web APIs enabling developers to easily detect agent identities and retrieve parent agent blueprint from token claims. See [#​3515](https://github.com/AzureAD/microsoft-identity-web/pull/3515)\n- Added MicrosoftIdentityMessageHandler for flexible HttpClient authentication. Provides composable alternative to DownstreamApi with per-request authentication configuration. Supports WWW-Authenticate challenge handling. See [#​3503](https://github.com/AzureAD/microsoft-identity-web/pull/3503)\n- Support for multiple certificate observers. See [#​3506](https://github.com/AzureAD/microsoft-identity-web/pull/3506)\n- The Microsoft.Identity.Web.Sidecar will provide a container solution for validation and token acquisition in any-language. See [#​3524](https://github.com/AzureAD/microsoft-identity-web/pull/3524)\n\n### Bug Fixes\n- Fixed TokenAcquirerFactory null reference when AppContext.BaseDirectory is root path. See [#​3443](https://github.com/AzureAD/microsoft-identity-web/pull/3443)\n- Fixed IDW10405 error when using managed identity with common tenant. See [#​3415](https://github.com/AzureAD/microsoft-identity-web/pull/3415)\n- Removed hard dependency on IConfiguration in OidcIdpSignedAssertionLoader. See [#​3414](https://github.com/AzureAD/microsoft-identity-web/pull/3414)\n\n### Fundamentals\n- Various improvements to .NET support and dependency optimizations.\n- Added doc for Agent identities. See [Agent identities](src/Microsoft.Identity.Web.AgentIdentities/README.AgentIdentities.md)\n- Combined and fixed test collections. 
See [#​3472](https://github.com/AzureAD/microsoft-identity-web/pull/3472)\n- Migrate repository agent rules from .clinerules to agents.md. See [#​3475](https://github.com/AzureAD/microsoft-identity-web/pull/3475)\n- Add .NET 6.x setup step to dotnetcore.yml workflow, as the default build agents don't have it any longer. See [#​3489](https://github.com/AzureAD/microsoft-identity-web/pull/3489)\n- Renamed NET 7 tests to ThreadingTests for framework independence. See [#​3501](https://github.com/AzureAD/microsoft-identity-web/pull/3501)\n\n\n## 3.14.1\n\n3.14.1\n=======\n\n## Bug fixes\n-  Support client secrets with agent user identities. See [#​3470](https://github.com/AzureAD/microsoft-identity-web/issues/3470) for details.\n\n\n\n3.14.0\n=======\n## New features\n- Support multi-tenant agent user identities. See [#​3461](https://github.com/AzureAD/microsoft-identity-web/issues/3461) for details.\n- Id Web now allows for passing of ExtraBodyParameters. See [#​3463](https://github.com/AzureAD/microsoft-identity-web/issues/3463) for details.\n\n\n## 3.13.1\n\n3.13.1\n=======\n### Dependencies updates\n- Microsoft.IdentityModel updated to version [8.14.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.14.0).\n\n## 3.13.0\n\n3.13.0\n=======\n### Dependencies updates\n- Microsoft.IdentityModel updated to version [8.13.1](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.13.1).\n- Microsoft.Abstractions updated to version [9.3.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/9.3.) and using IAuthenticationSchemeInformationProvider from that library, deprecating the interface of the same name in Microsoft.Identity.Web (introduced in 3.12.0).\n\n### Bug fixes\n- Fixed an issue with instantiation of TokenAcquirerFactory when AppContext.BaseDirectory is root path. 
See PR [#​3443](https://github.com/AzureAD/microsoft-identity-web/pull/3443) for details.\n\n### Fundamentals\n- Use cloud user in tests. See PR [#​3441](https://github.com/AzureAD/microsoft-identity-web/pull/3441) and [#​3442](https://github.com/AzureAD/microsoft-identity-web/pull/3442) for details.\n\n\n## 3.12.0\n\n3.12.0\n=======\n### Dependencies updates\n- Updated MSAL to version 4.74.1 part of [#​3398](https://github.com/AzureAD/microsoft-identity-web/pull/3435).\n\n## Bug fix\nReload certificates for all client credential based issues to solve the issue that when a bad certificate was installed on the machine and picked up, and subsequently rotated, a service restart was needed for the new certificate to be used. See issue [#​3429](https://github.com/AzureAD/microsoft-identity-web/issues/3429) and PR [#​3430](https://github.com/AzureAD/microsoft-identity-web/pull/3430) \n\n## New features\n* Include the thrown exception in CertificateChangeEventArg. See PR [#​3428](https://github.com/AzureAD/microsoft-identity-web/pull/3428) for better supportability.\n* Support for Agent User identities. See PR [#​3435](https://github.com/AzureAD/microsoft-identity-web/pull/3435)\n\n\n\n\n## 3.11.0\n\n3.11.0\n=======\n### Dependencies updates\n- Updated `global.json` to the latest .NET 9 runtime framework 9.0.108. See PR [#​3422](https://github.com/AzureAD/microsoft-identity-web/pull/3422) for details.\n\n### Bug fixes\n- Fix `IDW10405` error when using managed identity with common tenant. See PR [#​3415](https://github.com/AzureAD/microsoft-identity-web/pull/3415) for details.\n- Fix `OidcIdpSignedAssertionLoader` to remove hard dependency on IConfiguration registration. See PR [#​3414](https://github.com/AzureAD/microsoft-identity-web/pull/3414) for details.\n\n### New feature\n- Add support for `ExtraHeaderParameters` and `ExtraQueryParameters` properties on `DownstreamApiOptions` to simplify adding custom headers and query parameters to downstream API requests. 
See PR [#​3413](https://github.com/AzureAD/microsoft-identity-web/pull/3413) for details.\n- Add better support for Azure SDK. For details see [Readme-Azure](./src/Microsoft.Identity.Web.Azure/README-Azure.md) and PR [#​3416](https://github.com/AzureAD/microsoft-identity-web/pull/3416)\n\n## What's Changed\n* Update Abstractions version and the public API files after 3.10.0 release by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3407\n* Update Directory.Build.props by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3404\n* Fix IDW10405 error when using managed identity with common tenant by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3415\n* Add ExtraHeaderParameters and ExtraQueryParameters support to DownstreamApi by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3413\n* Fix OidcIdpSignedAssertionLoader to remove hard dependency on IConfiguration registration by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3414\n* Update global.json by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3422\n* Improved experience for Azure SDKs with Microsoft Identity Platform authentication by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3416\n* Update 3.11 changelog by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3423\n* update test certs by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3424\n\n## New Contributors\n* @​Copilot made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3415\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.10.0...3.11.0\n\n## 3.10.0\n\n3.10.0\n=======\n### Dependencies updates\n- Updated MSAL to version 4.73.1 ([#​3398](https://github.com/AzureAD/microsoft-identity-web/pull/3398)).\n- Updated `global.json` to the latest .NET 9 runtime framework 9.0.107 
([#​3385](https://github.com/AzureAD/microsoft-identity-web/pull/3385)).\n\n### New feature\n- Added support for Agent Identities ([#​3396](https://github.com/AzureAD/microsoft-identity-web/issues/3396), [#​3402](https://github.com/AzureAD/microsoft-identity-web/pull/3402)).  \n  introducing the `Microsoft.Identity.Web.AgentIdentities` package .\n\n### Bug fixes\n- Processed codeQL issues\n\n### Fundamentals\n- improved unit tests for OidcFic with the new SignedAssertionFmiPath\n\n## 3.9.4\n\n3.9.4\n=======\n### Package updates\n- Microsoft.IdentityModel updated to version [8.12.1](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.12.1).\n\n### Bug fix\n- Updates the `DefaultAuthorizationHeaderProvider` to update the `AcquireTokenOptions.LongRunningWebApiSessionKey` after the token is acquired so that the key can be used in the next OBO call. See PR [#​3381](https://github.com/AzureAD/microsoft-identity-web/pull/3381) for details.\n\n### Fundamentals\n- Update .NET SDK version to 9.0.107 used when building or running the code. See [#​3385](https://github.com/AzureAD/microsoft-identity-web/pull/3385) for details.\n- Improved test coverage for managed identity flows. 
See [#​3350](https://github.com/AzureAD/microsoft-identity-web/pull/3350) for details.\n\n## What's Changed\n* Add Claims and Capability Support to Managed Identity Flows by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3350\n* Adding fix for OBO cache key error in long running OBO with DefaultAuthorizationHeaderProvider by @​trwalke in https://github.com/AzureAD/microsoft-identity-web/pull/3381\n* Update global.json by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3385\n* changelog 3.9.4 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3386\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.9.3...3.9.4\n\n## 3.9.3\n\n3.9.3\n=======\n### Package updates\n- Microsoft.IdentityModel updated to version [8.12.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.12.0).\n\n### Fundamentals\n- Add `.clinerules` to help with AI tooling.\n- **Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0**  Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added).  
For details see [#​3379](https://github.com/AzureAD/microsoft-identity-web/pull/3379)\n\n## What's Changed\n* Update M.IM 8.11 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3373\n* add ai assist rules by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3376\n* Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3379\n* changelog 3.9.3 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3380\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.9.2...3.9.3\n\n## 3.9.2\n\n3.9.2\n=======\n### Package updates\n- Microsoft.IdentityModel updated to version [8.11.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.11.0).\n- MSAL.NET updated to version [MSAL.NET 4.72.1](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/tag/4.72.1).\n\n### Fundamentals:\n- Fix invalid comparisons in prop and csproj files. For details see [#​3297](https://github.com/AzureAD/microsoft-identity-web/pull/3297).\n\n## What's Changed\n* Release notes and cleanup by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3367\n* Remove invalid comparisons by @​keegan-caruso in https://github.com/AzureAD/microsoft-identity-web/pull/3368\n* update to MSAL 4.72.1 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3369\n* update 3.9.2 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3372\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.9.1...3.9.2\n\n## 3.9.1\n\n3.9.1\n========\n### Package updates\n- Microsoft.Identity.Abstractions updated to version [9.1.0](https://github.com/AzureAD/azure-identity-abstractions/releases/tag/9.1.0).\n\n### Fundamentals\n- Fix AoT warnings. 
For details see [#​3366](https://github.com/AzureAD/microsoft-identity-web/pull/3366).\n\n## What's Changed\n* Fix AoT warnings (and update to Abstractions 9.1.0) by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3366\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.9.0...3.9.1\n\n## 3.9.0\n\n3.9.0\n========\n### Package updates\n- Microsoft.IdentityModel updated to version [8.10.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.10.0).\n- MSAL.NET updated to version [MSAL.NET 4.72.0](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/tag/4.72.0).\n\n### Bug fixes\n- Fixed issue where RequiredScopeOrAppPermission extension method didn’t work with Minimal APIs. See [#​3323](https://github.com/AzureAD/microsoft-identity-web/issues/3323).\n- Resolved IL warnings from AddDownstreamApis in NativeAOT projects. See [#​3355](https://github.com/AzureAD/microsoft-identity-web/issues/3360).\n- Ensured AcquireTokenForConfidentialClient correctly passes MSAL exceptions. See [#​3345](https://github.com/AzureAD/microsoft-identity-web/issues/3345).\n- Prevented null reference when accessing MergedOptions instance. See [#​3337](https://github.com/AzureAD/microsoft-identity-web/issues/3337).\n\n### New feature\n - Added optional login_hint and domain_hint support to AccountController.SignIn endpoint. See [#​3244](https://github.com/AzureAD/microsoft-identity-web/issues/3244) and [#​3348](https://github.com/AzureAD/microsoft-identity-web/pull/3348/files).\n\n### Fundamentals\n- Introduced Long-Term Support (LTS) policy. See [#​3357](https://github.com/AzureAD/microsoft-identity-web/commit/b6ff65bb4f49289c914100c3a382fa16da2b5508).\n- Added tests to validate xms_cc (client capability) forwarding in CCA flows. 
See [#​3349](https://github.com/AzureAD/microsoft-identity-web/issues/3349).\n\n### External contributions\nThank you @​evan-buss for your contribution and fixing the issue where RequiredScopeOrAppPermission extension method didn’t work with Minimal APIs. See [#​3323](https://github.com/AzureAD/microsoft-identity-web/issues/3323).\nThank you @​neha-bhargava for your contribution and ensuring AcquireTokenForConfidentialClient correctly passes MSAL exceptions. See [#​3345](https://github.com/AzureAD/microsoft-identity-web/issues/3345).\n\n## 3.8.4\n\n3.8.4\n========\n### Package updates\n- Microsoft.IdentityModel updated to version [8.8.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.8.0).\n- MSAL.NET updated to version [MSAL.NET 4.71.0](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/tag/4.71.0).\n\n### Bug fixes\n- Fixed the issue where FmiPath was not persisted when copying/reinitializing AcquireTokenOptions. See [#​3336](https://github.com/AzureAD/microsoft-identity-web/issues/3336).\n\n### New feature\n- Added support for Linux-friendly devcontainers. See [#​3333](https://github.com/AzureAD/microsoft-identity-web/issues/3333) and [#​3339](https://github.com/AzureAD/microsoft-identity-web/pull/3339).\n\n### Fundamentals\n- Removed System.Text.Json as an explicit dependency for .NET Core targets. See [#​3331](https://github.com/AzureAD/microsoft-identity-web/issues/3331).\n\n## 3.8.3\n\n3.8.3\n========\n### Package updates\n- Updated to Microsoft.IdentityModel.* [8.8.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.8.0)\n- Updated to [MSAL.NET 4.70.1](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/tag/4.70.1)\n  \n### New feature\n- `TokenAcquistion.cs` adds its service provider to the acquisition options. 
See issue [#​3315](https://github.com/AzureAD/microsoft-identity-web/issues/3315) for details.\n\n\n## 3.8.2\n\n3.8.2\n========\n- Updated to Microsoft.Identity.Abstractions [9.0.0](https://github.com/AzureAD/microsoft-identity-abstractions-for-dotnet/releases/tag/9.0.0)\n\n### New feature\n- An exception is now thrown if MSAL `TokenCacheNotificationArgs` indicates that distributed cache is configured when it should not have been. See [#​3304](https://github.com/AzureAD/microsoft-identity-web/issues/3304).\n- Added support for federated identity credentials with AT_POP. See [#​3299](https://github.com/AzureAD/microsoft-identity-web/pull/3299).\n\n## 3.8.1\n\n### New features\n- Updated to Microsoft.IdentityModel.* [8.7.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.7.0)\n\n### Bug fixes\n- Pins Microsoft.Extensions.Http dependency version to 3.1.3 for .NET Framework and .NET Standard and uses inbox version for .NET Core. See [#​3145](https://github.com/AzureAD/microsoft-identity-web/issues/3145).\n\n## What's Changed\n* Post release cleanup by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3291\n* update MIM by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3292\n* Updates CodeQL.yaml to exclude test files by @​sruke in https://github.com/AzureAD/microsoft-identity-web/pull/3294\n* Make Microsoft.Extensions.Http dependency framework friendly by @​ksaaf in https://github.com/AzureAD/microsoft-identity-web/pull/3296\n* Update to IdentityModel 8.7.0 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3307\n\n## New Contributors\n* @​ksaaf made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3296\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.8.0...3.8.1\n\n## 3.8.0\n\n3.8.0\n========\n### New feature\n- Updated to Microsoft.IdentityModel.* 
[8.6.1](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.6.1)\n- Updated to [MSAL.NET](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet) 4.69.1\n- Updated the Json Schema to include extensibility for signed assertion providers. See [#​3235](https://github.com/AzureAD/microsoft-identity-web/pull/3235)\n- Added support for Federation Identity Credential on any OIDC Idp (FIC+OIDC credential provider). See [#​3255](https://github.com/AzureAD/microsoft-identity-web/pull/3255)\n- Support for acquiring token for Federation Managed Identity (FMI). Supports the `FmiPath` property of `AcquireTokenOptions`. See [#​3247](https://github.com/AzureAD/microsoft-identity-web/issues/3247)\n- Downstream APIs now support Authorization headers with a custom SAML bearer syntax. See [#​3273](https://github.com/AzureAD/microsoft-identity-web/pull/3273)\n\n## Bug fixes\n- TokenAcquirerFactory is now thread safe. See [#​3274](https://github.com/AzureAD/microsoft-identity-web/pull/3274)\n- Fix a bug in the parsing of the token in the authority. See [#​3261](https://github.com/AzureAD/microsoft-identity-web/pull/3261)\n\n## Fundamentals\n- Removed old Blazorwasm sample, wasm-tools and added new blazor web API: [#​3259](https://github.com/AzureAD/microsoft-identity-web/pull/3259), [#​3257](https://github.com/AzureAD/microsoft-identity-web/pull/3257), [#​3254](https://github.com/AzureAD/microsoft-identity-web/pull/3254)\n- Modified the build so that, in CI/CD internal builds, the NuGet.org NuGet source is replaced by a managed Nuget source. More verbose information added. See [#​3263](https://github.com/AzureAD/microsoft-identity-web/pull/3263)\n- Fixed CS8602 Warnings in Weather.razor (BlazorApp) – Handle Nullable forecasts and user.Identity. 
See [#​3266](https://github.com/AzureAD/microsoft-identity-web/pull/3266),\n\n## What's Changed\n* Update changelog.md by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3246\n* Lozensky/add fmi path by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3247\n* Lozensky/perf fix graph service client by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3251\n* M.IM 8.6.0 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3252\n* Jennyf/blazor prototype by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3254\n* remove old blazor apps by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3257\n* Remove step for installing wasm-tools in the build by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3259\n* Fix for Remove NuGet Source steps (now with enhanced logging) by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3263\n* Add CustomSignedAssertion to Credentials.json by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3235\n* Fix CS8602 Warnings in Weather.razor (BlazorApp) – Handle Nullable forecasts and user.Identity by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3266\n* Add Support for Custom Saml Bearer in HttpRequest Headers by @​sthanu98 in https://github.com/AzureAD/microsoft-identity-web/pull/3273\n* comment out the code coverage by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3279\n* update msal to 4.69.1 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3281\n* FIC+OIDC credential provider by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3255\n* Update the IdWeb version number by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3280\n* Locking Down the TokenAcquirerFactory by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3274\n* 
Fix authority parsing logic by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3261\n* Update changelog.md for Id.web 3.8.0 by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3285\n\n## New Contributors\n* @​sthanu98 made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3273\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.7.1...3.8.0\n\n## 3.7.1\n\n3.7.1\n========\n- Updated to Microsoft.IdentityModel.* [8.5.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.5.0)\n\n## 3.7.0\n\n3.7.0\n========\n- Updated to Microsoft.Identity.Abstractions [8.1.0](https://github.com/AzureAD/microsoft-identity-abstractions-for-dotnet/releases/tag/8.1.0)\n- Updated to Microsoft.IdentityModel.* [8.4.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.4.0)\n\n### New Feature\n- IdentityWeb now provides extensibility to `DefaultCredentialsLoader` so that partner teams, or an SDK on top of IdWeb, can bring their own credential providers. See [#​3220](https://github.com/AzureAD/microsoft-identity-web/issues/3220) for details.\n\n## Bug fixes\n- The merged options are now being passed to MSAL for the CCA ROPC scenario. 
See [#​3207](https://github.com/AzureAD/microsoft-identity-web/issues/3207) for details.\n\n## What's Changed\n* changelog update by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3216\n* Pass the assertion options to MSAL for ROPC call by @​neha-bhargava in https://github.com/AzureAD/microsoft-identity-web/pull/3217\n* Update global.json to 9.0.102 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3222\n* Bump the notsecurity group with 3 updates by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3219\n* update abstractions to 8.1.0 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3224\n* update benchmark by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3229\n* Adding Extensibility for Custom Signed Assertion Providers by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3226\n* Update changelog.md 3.7.0 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3233\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.6.2...3.7.0\n\n## 3.6.2\n\n3.6.2\n========\n- Updated to Microsoft.Identity.Abstractions [8.0.0](https://github.com/AzureAD/microsoft-identity-abstractions-for-dotnet/releases/tag/8.0.0)\n\n## Fundamentals\n- Clean-up the tests that were using properties removed in Abstractions 8.0.0. 
See issue [#​3212](https://github.com/AzureAD/microsoft-identity-web/issues/3212) for details.\n\n## What's Changed\n* Bump the notsecurity group across 1 directory with 3 updates by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3211\n* Suppress TFM Build Warnings by @​kllysng in https://github.com/AzureAD/microsoft-identity-web/pull/3210\n* Fixing 3212 and cleaning-up technical debt by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3213\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.6.1...3.6.2\n\n## 3.6.1\n\n3.6.1\n========\n- Updated to Microsoft.Identity.Abstractions [7.2.1](https://github.com/AzureAD/microsoft-identity-abstractions-for-dotnet/releases/tag/7.2.1)\n\n## 3.6.0\n\n3.6.0\n========\n- Updated to Microsoft.IdentityModel.* 8.3.1\n- Updated to [MSAL.NET](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet) 4.67.2\n\n## Bug fixes\n- Checks that B2C tokens don't contain the claims used by Identity Web to represent the home tenant and object ID (obtained from the UserInfo endpoint). See https://github.com/AzureAD/microsoft-identity-web/pull/3131\n- Remove explicit locking in `OpenIdConnectCachingSecurityTokenProvider`. See Issue [#​3078](https://github.com/AzureAD/microsoft-identity-web/issues/3078)\n\n\n## Fundamentals\n- Fix Null Reference Exception in OwinTokenAcquirerFactory + other OWIN cleanup. See https://github.com/AzureAD/microsoft-identity-web/pull/3183\n- Re-add code coverage comments \u0026 scope to src files. 
See https://github.com/AzureAD/microsoft-identity-web/issues/3177\n\n## What's Changed\n* Update changelog.md by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3161\n* Update global.json by @​keegan-caruso in https://github.com/AzureAD/microsoft-identity-web/pull/3163\n* Use ExtraQP to inject telemetry SDK ID by @​bgavrilMS in https://github.com/AzureAD/microsoft-identity-web/pull/2973\n* Fix 3167 (package downgrade when referencing IdentityModel.Tokens from dev) by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3168\n* Add Warning Quality Check Build Task 🔨 by @​kllysng in https://github.com/AzureAD/microsoft-identity-web/pull/3169\n* Treat warnings as errors by @​keegan-caruso in https://github.com/AzureAD/microsoft-identity-web/pull/3166\n* Revert: Warning Quality Check Build Task by @​alexholub113 in https://github.com/AzureAD/microsoft-identity-web/pull/3172\n* fix warnings in idweb and readd warnings as errors by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3173\n* Add checks to protect the internal claims used by MIW. 
Ref: issue #​2968 by @​DOMZE in https://github.com/AzureAD/microsoft-identity-web/pull/3131\n* use only src files and re-add comments by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3176\n* Update dotnet actions by @​sebastienros in https://github.com/AzureAD/microsoft-identity-web/pull/3175\n* - Fixes 3181 by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3183\n* Add retry logic to stabilize flaky UI tests by @​kllysng in https://github.com/AzureAD/microsoft-identity-web/pull/3180\n* Add null handling for process output/error data in UiTestHelpers by @​kllysng in https://github.com/AzureAD/microsoft-identity-web/pull/3184\n* package updates from dependabot by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3185\n* Fix E2E tests persistent flakiness + build hanging by @​kllysng in https://github.com/AzureAD/microsoft-identity-web/pull/3188\n* Revert WaitForProcess in UI Tests by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3189\n* Update to use MSAL 4.67.1 by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3193\n* Update to use MSAL 4.67.2 by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3200\n* Remove explicit locking in OpenIdConnectCachingSecurityTokenProvider by @​keegan-caruso in https://github.com/AzureAD/microsoft-identity-web/pull/3202\n* 3.6.0 changelog by @​kllysng in https://github.com/AzureAD/microsoft-identity-web/pull/3203\n\n## New Contributors\n* @​DOMZE made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3131\n* @​sebastienros made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3175\n* @​gladjohn made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3193\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.5.0...3.6.0\n\n## 3.5.0\n\n## Bug fixes\n* Ensure Singleton registration for 
TokenAcquisition Services when TokenAcquirerFactory is null. See https://github.com/AzureAD/microsoft-identity-web/pull/3155\n* Don't modify the merged options when building the confidential client. See https://github.com/AzureAD/microsoft-identity-web/pull/3137\n\n## Fundamentals\n* Install all .NET versions in pipeline, including .NET 9. See https://github.com/AzureAD/microsoft-identity-web/pull/3152\n* Upgrade to C# 13. See https://github.com/AzureAD/microsoft-identity-web/pull/3138\n* Specify sdk version in global.json. See https://github.com/AzureAD/microsoft-identity-web/pull/3156\n* Disable Coverage PR comments. See https://github.com/AzureAD/microsoft-identity-web/pull/3159\n\n## What's Changed\n* Install all .NET versions in pipeline to fix run tests task by @​msbw2 in https://github.com/AzureAD/microsoft-identity-web/pull/3152\n* Upgrade to C# 13 by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3138\n* Specify sdk version in global.json by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3156\n* Ensure Singleton registration for TokenAcquisition Services when TokenAcquirerFactory is null by @​sruke in https://github.com/AzureAD/microsoft-identity-web/pull/3155\n* Disable Coverage PR comments by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3159\n* Dont modify the merged options when building the confidential client by @​keegan-caruso in https://github.com/AzureAD/microsoft-identity-web/pull/3137\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.4.0...3.5.0\n\n## 3.4.0\n\n3.4.0\n========\n- Updated to Microsoft.IdentityModel.* 8.2.1\n- Updated to Microsoft.Identity.Abstractions 7.2.0\n\n### New features\n- Add ROPC flow support for confidential client applications. 
See [3091](https://github.com/AzureAD/microsoft-identity-web/issues/3091), [3129](https://github.com/AzureAD/microsoft-identity-web/issues/3129), [3139](https://github.com/AzureAD/microsoft-identity-web/issues/3139).\n- Allow multi-tenant applications to specify the AppHomeTenantId to be used for client credentials. See [3121](https://github.com/AzureAD/microsoft-identity-web/issues/3121), [3132](https://github.com/AzureAD/microsoft-identity-web/pull/3132).\n- Update to use .NET 9 GA. See [3127](https://github.com/AzureAD/microsoft-identity-web/issues/3127).\n\n## What's Changed\n* Add API and make ROPC call by @​neha-bhargava in https://github.com/AzureAD/microsoft-identity-web/pull/3103\n* Fixing the ROPC test that broke the build by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3133\n* Use AppHomeTenantId for acquiring app token when TenantId is not tenant by @​msbw2 in https://github.com/AzureAD/microsoft-identity-web/pull/3132\n* Add extensibility to update parameters for ROPC flow by @​neha-bhargava in https://github.com/AzureAD/microsoft-identity-web/pull/3130\n* Declare ROPC extensions in net 9 API by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3136\n* update dependencies to .net 9 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3141\n* Update the extensibility to add user by @​neha-bhargava in https://github.com/AzureAD/microsoft-identity-web/pull/3140\n* Update to .NET 9 GA. Update some test dependencies. by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3134\n* update playwright and remove net9.0 for UI tests by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3148\n* Update changelog 3.4.0. 
by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3149\n* update wilson post-release by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3150\n\n## New Contributors\n* @​neha-bhargava made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3103\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.3.1...3.4.0\n\n## 3.3.1\n\n3.3.1\n========\n- Updated to Microsoft.IdentityModel.* 8.2.0\n\n### Supportability\n- Added JSON schema support for Microsoft.Identity.Web configuration. This allows for schema validation in the `appsettings.json`, improving configuration accuracy and developer experience. To use it, add the following at the top of your appsettings.json:\n`\"$schema\": \"https://github.com/AzureAD/microsoft-identity-web/blob/master/JsonSchemas/microsoft-identity-web.json\"`\nThis update enhances the configuration process by providing clear structure and validation for settings used in Microsoft.Identity.Web. See PR [#​3119](https://github.com/AzureAD/microsoft-identity-web/pull/3119) for details.\n\n### Fundamentals\n- Fix a flaky test in the L1L2Cache tests. 
See PR [#​3122](https://github.com/AzureAD/microsoft-identity-web/pull/3122) for details.\n\n## What's Changed\n* Update changelog.md to fix release 3.2.2 which had a breaking change by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3116\n* Bump the notsecurity group with 19 updates by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3115\n* Adding a json schema for Microsoft.Identity.Web configuration by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3119\n* Fixed flaky tests by @​alexholub113 in https://github.com/AzureAD/microsoft-identity-web/pull/3122\n* Update changelog.md 3.3.1 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3123\n* Add Ask Mode Change Template by @​kellyyangsong in https://github.com/AzureAD/microsoft-identity-web/pull/3110\n\n## New Contributors\n* @​alexholub113 made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3122\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.3.0...3.3.1\n\n## 3.3.0\n\n3.3.0\n========\n- Updated to Microsoft.Identity.Client 4.66.0\n- Update system.Text.Json to 8.0.5 CVE-2024-43485\n- Updated to .NET 9 RC2\n \n### New features\n- Microsoft.Identity.Web token acquisition now provides an extensibility mechanism to enlight non-standard features. For details, see [#​2975](https://github.com/AzureAD/microsoft-identity-web/issues/2975)\n\n### Fundamentals\n- Split DownstreamApi methods between AoT compatible and incompatible methods by @​SaurabhMSFT in https://github.com/AzureAD/microsoft-identity-web/pull/3090\n- ASP.NET Core (and other) cross-link updates by @​guardrex in https://github.com/AzureAD/microsoft-identity-web/pull/3096. Thank you!\n- Onboarded to Threading Analyzers. 
For details, see [#​3052](https://github.com/AzureAD/microsoft-identity-web/issues/3052)\n- display code coverage as PR comments\n- Fix flaky EncryptionTestAsync on .NET 9.\n\n## What's Changed\n* Bump System.Text.Json from 8.0.4 to 8.0.5 in /tools/ConfigureGeneratedApplications by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3069\n* Bump Microsoft.Identity.Web.DownstreamApi, Microsoft.Extensions.Logging.Abstractions, System.Text.Json, System.Text.Encodings.Web, Microsoft.AspNetCore.DataProtection, System.Security.Cryptography.Xml, Microsoft.Extensions.Caching.Memory, Microsoft.Extensions.Logging, Microsoft.Extensions.DependencyInjection, System.Formats.Asn1, System.Security.Cryptography.Pkcs, Microsoft.Extensions.Configuration.Binder, Microsoft.Extensions.Configuration.EnvironmentVariables, Microsoft.Extensions.Configuration and Microsoft.Extensions.Options.ConfigurationExtensions by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3073\n* Bump Microsoft.Identity.Web.MicrosoftGraph, Microsoft.Extensions.Logging.Abstractions, System.Text.Json, System.Text.Encodings.Web, Microsoft.AspNetCore.DataProtection, System.Security.Cryptography.Xml, Microsoft.Extensions.Caching.Memory, Microsoft.Extensions.Logging, Microsoft.Extensions.DependencyInjection, System.Formats.Asn1, System.Security.Cryptography.Pkcs, Microsoft.Extensions.Configuration.Binder, Microsoft.Extensions.Configuration.EnvironmentVariables, Microsoft.Extensions.Configuration and Microsoft.Extensions.Options.ConfigurationExtensions by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3072\n* Bump Microsoft.Identity.Web, Microsoft.Extensions.Logging.Abstractions, System.Text.Json, System.Text.Encodings.Web, Microsoft.AspNetCore.DataProtection, System.Security.Cryptography.Xml, Microsoft.Extensions.Caching.Memory, Microsoft.Extensions.Logging, Microsoft.Extensions.DependencyInjection, System.Formats.Asn1, System.Security.Cryptography.Pkcs, 
Microsoft.Extensions.Configuration.Binder, Microsoft.Extensions.Configuration.EnvironmentVariables, Microsoft.Extensions.Configuration, Microsoft.Extensions.Configuration.Json, Microsoft.Extensions.Options.ConfigurationExtensions and Microsoft.Extensions.Hosting by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3070\n* update system.Text.Json to 8.0.5 CVE-2024-43485 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3074\n* another update by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3075\n* Onboard Id Web to Threading Analyzers by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3041\n* Update .NET 9 to RC 2 by @​msbw2 in https://github.com/AzureAD/microsoft-identity-web/pull/3082\n* Align editor config with other libraries by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3079\n* Fix reflection in MemoryCache tests to support both versions seen in .NET 9 RCs by @​msbw2 in https://github.com/AzureAD/microsoft-identity-web/pull/3085\n* Use nuget config file by @​SaurabhMSFT in https://github.com/AzureAD/microsoft-identity-web/pull/3083\n* Fix EncryptionTestAsync on .NET 9 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3088\n* Update GitHub Action to run unit tests by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3089\n* Update template-install-dependencies.yaml by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3092\n* Fix DevEx and IDDP builds by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3093\n* Mark IdWeb APIs as shipped by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3086\n* Update version by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3094\n* Split aot compatible and incompatible methods by @​SaurabhMSFT in https://github.com/AzureAD/microsoft-identity-web/pull/3090\n* ASP.NET Core (and other) cross-link 
updates by @​guardrex in https://github.com/AzureAD/microsoft-identity-web/pull/3096\n* update to MSAL 4.66 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3095\n* Remove swagger dependencies by @​msbw2 in https://github.com/AzureAD/microsoft-identity-web/pull/3099\n* Upgrade versions by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3098\n* Upgrading MSAL version by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3104\n* Grouping Dependabot Updates by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3105\n* Microsoft.Identity.Web token acquisition extensions by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3005\n* display code coverage as PR comments by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3107\n* Use Nuget config file by @​SaurabhMSFT in https://github.com/AzureAD/microsoft-identity-web/pull/3112\n* Update changelog.md for 3.3.0 by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3113\n\n## New Contributors\n* @​guardrex made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3096\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.2.2...3.3.0\n\n## 3.2.2\n\n3.2.2\n=========\n- Updated to Microsoft.IdentityModel.* 8.1.2\n\n## 3.2.1\n\n3.2.1\n=========\n- Updated to Microsoft.IdentityModel.* 8.1.1\n\n## What's Changed\n* update id web after releases by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3035\n* update net 9 version to rc 1 in build script by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3036\n* add disable discover enumeration = true for theory tests by @​kellyyangsong in https://github.com/AzureAD/microsoft-identity-web/pull/3042\n* Bump Microsoft.Identity.Client from 4.64.1 to 4.65.0 by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3040\n* Removed 
ConfigureAwait(false) from flaky tests by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3045\n* removed ConfigureAwait(false) from all tests by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3051\n* 3.2.1 Changelog by @​kellyyangsong in https://github.com/AzureAD/microsoft-identity-web/pull/3054\n* update xunit versions by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3053\n* IdentityModel 8.1.1 update by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3056\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.2.0...3.2.1\n\n## 3.2.0\n\n3.2.0\n=========\n- Updated to Microsoft.Identity.Abstractions 7.1.0\n- Updated to Microsoft.IdentityModel.* 8.1.0\n- Updated to Microsoft.Identity.Client 4.64.1\n \n### New features\n- In .NET 8 and above, `IDownstreamApi` overloads take a `JsonTypeInfo\u003cT\u003e` parameter to enable source generated JSON deserialization. See issue [#​2930](https://github.com/AzureAD/microsoft-identity-web/issues/2930) for details.\n\n### Bug fixes:\n- Azure region is used while creating application keys when the TokenAcquisition service caches application objects, and the TokenAcquirerFactory caches TokenAcquirer. See [#​3002](https://github.com/AzureAD/microsoft-identity-web/pull/3002) for details.\n- Improved error messages for FIC. See issue [#​3000](https://github.com/AzureAD/microsoft-identity-web/issues/3000) for details.\n\n### Fundamentals:\n- Improved test coverage for `GetCacheKey`. See PR [#​3020](https://github.com/AzureAD/microsoft-identity-web/pull/3020) for details.\n- Update to .NET 9-RC1. See issue [#​3025](https://github.com/AzureAD/microsoft-identity-web/issues/3025) for details.\n- Fix static analysis warnings. 
See PR [#​3024](https://github.com/AzureAD/microsoft-identity-web/pull/3024) for details.\n\n\n## 3.1.0\n\n3.1.0\n=========\n- Updated to Microsoft.IdentityModel.* 8.0.2\n\n### Security improvement:\n- Id Web now uses `CaseSensitiveClaimsIdentity` by default and provides AppContextSwitches to fallback to using `ClaimsIdentity`. This means that when you loopup claims with FindFirst(), FindAll() and HasClaim(), you need to provide the right casing for the claim. See PR [#​2977](https://github.com/AzureAD/microsoft-identity-web/pull/2977) for details.\n\n### Bug fixes:\n- For SN/I scenarios, Id Web's `GetTokenAcquirer` now sets `SendX5C` in particular protocols. See issue [#​2887](https://github.com/AzureAD/microsoft-identity-web/issues/2887) for details.\n- Fix for Instance/Tenant parsing for V2 authority (affected one Entra External IDs scenario). See PR [#​2954](https://github.com/AzureAD/microsoft-identity-web/issues/2954) for details.\n- Fix regex that threw a format exception: `The input string \" was not in a correct format` when enabling *same-site cookie compatibility* with userAgent: \"Dalvik/2.1.0 (Linux; U; Android 12; Chromecast Build/STTE.230319.008.H1). See issue [#​2879](https://github.com/AzureAD/microsoft-identity-web/issues/2879) for details.\n- Microsoft.Identity.Web 3.1.0 now has an upper bound set on its dependency on Microsoft.Identity.Abstractions to version 7x to avoid referencing Microsoft.Identity.Abstractions 8.0.0, which has an interface breaking change, not yet implemented in Microsoft.Identity.Web. 
See PR [#​2962](https://github.com/AzureAD/microsoft-identity-web/pull/2962) for details.\n  \n### Fundamentals:\n- Fix flakey tests: [#​2972](https://github.com/AzureAD/microsoft-identity-web/pull/2972), [#​2984](https://github.com/AzureAD/microsoft-identity-web/pull/2984), [#​2982](https://github.com/AzureAD/microsoft-identity-web/issues/2982), \n- Update to `AzureKeyVault@​2` in AzureDevOps, [#​2981](https://github.com/AzureAD/microsoft-identity-web/pull/2981).\n- Update to .NET 9-preview7, [#​2980](https://github.com/AzureA....\n\n_Description has been truncated_","html_url":"https://github.com/ITU-BDSA23-GROUP22/Chirp/pull/122","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ITU-BDSA23-GROUP22%2FChirp/issues/122","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/122/packages"},{"uuid":"4293260254","node_id":"PR_kwDOKPjTy87T0vxW","number":110,"state":"closed","title":"Bump Microsoft.Identity.Web from 2.15.3 to 4.7.0","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-20T05:16:52.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-20T05:16:28.000Z","updated_at":"2026-04-20T05:16:54.000Z","time_to_close":24,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.Identity.Web","old_version":"2.15.3","new_version":"4.7.0","repository_url":"https://github.com/AzureAD/microsoft-identity-web"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web) from 2.15.3 to 4.7.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.Identity.Web's releases](https://github.com/AzureAD/microsoft-identity-web/releases)._\n\n## 4.7.0\n\n## 4.7.0\n\n### Bug fixes\n- Updates to Microsoft.Identity.Abstractions 12.0.0 to revert breaking changes 
introduced in Abstractions 11.0.0. (On .NET 10 target, `Certificate` extension method in `CredentialDescription` was reverted to normal property.) See [#​3767](https://github.com/AzureAD/microsoft-identity-web/pull/3767).\n\n## 4.6.0\n\n## What's Changed\n\n* Move boilerplate code skills to IdWeb, and add Aspire DevApp demonstrating Blazor authentication components by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3721\n* Bump MSAL to 4.83.1 and re-enable Managed Identity CAE tests by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3746\n* Bump Abstractions to 11.2 by @​bgavrilMS in https://github.com/AzureAD/microsoft-identity-web/pull/3749\n* Update documentation to reference Blazor helpers from Microsoft.Identity.Web package by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3723\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.5.0...4.6.0\n\n## 4.5.0\n\n### New features\n- Add support for certificate store lookup by subject name. See [#​3742](https://github.com/AzureAD/microsoft-identity-web/pull/3742).\n\n### Dependencies updates\n- Bump minimatch in /tests/DevApps/SidecarAdapter/typescript. See [#​3739](https://github.com/AzureAD/microsoft-identity-web/pull/3739).\n- Bump rollup from 4.52.3 to 4.59.0 in /tests/DevApps/SidecarAdapter/typescript. See [#​3740](https://github.com/AzureAD/microsoft-identity-web/pull/3740).\n\n## 4.4.0\n\n### New features\n- Add AOT-compatible web API authentication for .NET 10+. See [#​3705](https://github.com/AzureAD/microsoft-identity-web/pull/3705) and [#​3664](https://github.com/AzureAD/microsoft-identity-web/pull/3664).\n- Propagate long-running web API session key back to callers in user token acquisition. See [#​3728](https://github.com/AzureAD/microsoft-identity-web/pull/3728).\n- Add OBO event initialization for OBO APIs. 
See [#​3724](https://github.com/AzureAD/microsoft-identity-web/pull/3724).\n- Add support for calling `WithClientClaims` flow for token acquisition. See [#​3623](https://github.com/AzureAD/microsoft-identity-web/pull/3623).\n- Add `OnBeforeTokenAcquisitionForOnBehalfOf` event. See [#​3680](https://github.com/AzureAD/microsoft-identity-web/pull/3680).\n\n### Bug fixes\n- Throw `InvalidOperationException` with actionable message when a custom credential is not registered. See [#​3626](https://github.com/AzureAD/microsoft-identity-web/pull/3626).\n- Fix event firing for `InvokeOnBeforeTokenAcquisitionForOnBehalfOfAsync`. See [#​3717](https://github.com/AzureAD/microsoft-identity-web/pull/3717).\n- Update `OnBeforeTokenAcquisitionForOnBehalfOf` to construct `ClaimsPrincipal` from token. See [#​3714](https://github.com/AzureAD/microsoft-identity-web/pull/3714).\n- Add a retry counter for acquire token and updated tests with a fake secret. See [#​3682](https://github.com/AzureAD/microsoft-identity-web/pull/3682).\n- Fix OBO user error handling. See [#​3712](https://github.com/AzureAD/microsoft-identity-web/pull/3712).\n- Fix override merging for app token (and others). See [#​3644](https://github.com/AzureAD/microsoft-identity-web/pull/3644).\n- Fix certificate reload logic to only trigger on certificate-specific errors. See [#​3653](https://github.com/AzureAD/microsoft-identity-web/pull/3653).\n- Update ROPC flow CCA to pass `SendX5C` to MSAL. See [#​3671](https://github.com/AzureAD/microsoft-identity-web/pull/3671).\n\n### Dependencies updates\n- Bump `qs` in `/tests/DevApps/SidecarAdapter/typescript`. See [#​3725](https://github.com/AzureAD/microsoft-identity-web/pull/3725).\n- Downgrade Microsoft.Extensions.Configuration.Binder to 2.1.0 on .NET Framework. See [#​3730](https://github.com/AzureAD/microsoft-identity-web/pull/3730).\n- Update .NET SDK to 10.0.103 to address DOTNET-Security-10.0 vulnerability. 
See [#​3726](https://github.com/AzureAD/microsoft-identity-web/pull/3726).\n- Upgrade to Microsoft.Identity.Abstractions 11 for AoT compatibility. See [#​3699](https://github.com/AzureAD/microsoft-identity-web/pull/3699).\n- Update to MSAL 4.81.0. See [#​3665](https://github.com/AzureAD/microsoft-identity-web/pull/3665).\n\n### Documentation\n- Add documentation for auto-generated session key for long-running OBO session. See [#​3729](https://github.com/AzureAD/microsoft-identity-web/pull/3729).\n- Improve the Aspire doc article and skills. See [#​3695](https://github.com/AzureAD/microsoft-identity-web/pull/3695).\n- Add an article and agent skill to add Entra ID to an Aspire app. See [#​3689](https://github.com/AzureAD/microsoft-identity-web/pull/3689).\n- Fix misleading comment in `CertificatelessOptions.ManagedIdentityClientId`. See [#​3667](https://github.com/AzureAD/microsoft-identity-web/pull/3667).\n- Add Copilot explore tool functionality. See [#​3694](https://github.com/AzureAD/microsoft-identity-web/pull/3694).\n\n### Fundamentals\n- Remove unnecessary warning suppression. See [#​3715](https://github.com/AzureAD/microsoft-identity-web/pull/3715).\n- Migrate labs to Lab.API 2.x (first pass). See [#​3710](https://github.com/AzureAD/microsoft-identity-web/pull/3710).\n- Update Sidecar E2E test constants. See [#​3693](https://github.com/AzureAD/microsoft-identity-web/pull/3693).\n- Fix intermittent failures in `CertificatesObserverTests`. See [#​3687](https://github.com/AzureAD/microsoft-identity-web/pull/3687).\n- Add validation baseline exclusions. See [#​3684](https://github.com/AzureAD/microsoft-identity-web/pull/3684).\n- Add dSTS integration tests. See [#​3677](https://github.com/AzureAD/microsoft-identity-web/pull/3677).\n- Fix FIC test. See [#​3663](https://github.com/AzureAD/microsoft-identity-web/pull/3663).\n- Update IdentityWeb version, build logic, and validation. 
See [#​3659](https://github.com/AzureAD/microsoft-identity-web/pull/3659).\n\n### New Contributors\n* @​XiaoxinMS2 made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3677\n* @​RyAuld made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3687\n* @​agocke made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3664\n* @​MZOLN made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3700\n* @​christian-posta made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3644\n* @​4gust made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3682\n* @​rayluo made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3714\n\n## 4.4.0-preview.1\n\n### New features\n- Add AOT-compatible web API authentication for .NET 10+. See [#​3705](https://github.com/AzureAD/microsoft-identity-web/pull/3705) and [#​3664](https://github.com/AzureAD/microsoft-identity-web/pull/3664).\n- Propagate long-running web API session key back to callers in user token acquisition. See [#​3728](https://github.com/AzureAD/microsoft-identity-web/pull/3728).\n- Add OBO event initialization for OBO APIs. See [#​3724](https://github.com/AzureAD/microsoft-identity-web/pull/3724).\n- Add support for calling `WithClientClaims` flow for token acquisition. See [#​3623](https://github.com/AzureAD/microsoft-identity-web/pull/3623).\n- Add `OnBeforeTokenAcquisitionForOnBehalfOf` event. See [#​3680](https://github.com/AzureAD/microsoft-identity-web/pull/3680).\n\n### Bug fixes\n- Throw `InvalidOperationException` with actionable message when a custom credential is not registered. See [#​3626](https://github.com/AzureAD/microsoft-identity-web/pull/3626).\n- Fix event firing for `InvokeOnBeforeTokenAcquisitionForOnBehalfOfAsync`. 
See [#​3717](https://github.com/AzureAD/microsoft-identity-web/pull/3717).\n- Update `OnBeforeTokenAcquisitionForOnBehalfOf` to construct `ClaimsPrincipal` from token. See [#​3714](https://github.com/AzureAD/microsoft-identity-web/pull/3714).\n- Add a retry counter for acquire token and updated tests with a fake secret. See [#​3682](https://github.com/AzureAD/microsoft-identity-web/pull/3682).\n- Fix OBO user error handling. See [#​3712](https://github.com/AzureAD/microsoft-identity-web/pull/3712).\n- Fix override merging for app token (and others). See [#​3644](https://github.com/AzureAD/microsoft-identity-web/pull/3644).\n- Fix certificate reload logic to only trigger on certificate-specific errors. See [#​3653](https://github.com/AzureAD/microsoft-identity-web/pull/3653).\n- Update ROPC flow CCA to pass `SendX5C` to MSAL. See [#​3671](https://github.com/AzureAD/microsoft-identity-web/pull/3671).\n\n### Dependencies updates\n- Bump `qs` in `/tests/DevApps/SidecarAdapter/typescript`. See [#​3725](https://github.com/AzureAD/microsoft-identity-web/pull/3725).\n- Downgrade Microsoft.Extensions.Configuration.Binder to 2.1.0 on .NET Framework. See [#​3730](https://github.com/AzureAD/microsoft-identity-web/pull/3730).\n- Update .NET SDK to 10.0.103 to address DOTNET-Security-10.0 vulnerability. See [#​3726](https://github.com/AzureAD/microsoft-identity-web/pull/3726).\n- Upgrade to Microsoft.Identity.Abstractions 11 for AoT compatibility. See [#​3699](https://github.com/AzureAD/microsoft-identity-web/pull/3699).\n- Update to MSAL 4.81.0. See [#​3665](https://github.com/AzureAD/microsoft-identity-web/pull/3665).\n\n### Documentation\n- Add documentation for auto-generated session key for long-running OBO session. See [#​3729](https://github.com/AzureAD/microsoft-identity-web/pull/3729).\n- Improve the Aspire doc article and skills. 
See [#​3695](https://github.com/AzureAD/microsoft-identity-web/pull/3695).\n- Add an article and agent skill to add Entra ID to an Aspire app. See [#​3689](https://github.com/AzureAD/microsoft-identity-web/pull/3689).\n- Fix misleading comment in `CertificatelessOptions.ManagedIdentityClientId`. See [#​3667](https://github.com/AzureAD/microsoft-identity-web/pull/3667).\n- Add Copilot explore tool functionality. See [#​3694](https://github.com/AzureAD/microsoft-identity-web/pull/3694).\n\n### Fundamentals\n- Remove unnecessary warning suppression. See [#​3715](https://github.com/AzureAD/microsoft-identity-web/pull/3715).\n- Migrate labs to Lab.API 2.x (first pass). See [#​3710](https://github.com/AzureAD/microsoft-identity-web/pull/3710).\n- Update Sidecar E2E test constants. See [#​3693](https://github.com/AzureAD/microsoft-identity-web/pull/3693).\n- Fix intermittent failures in `CertificatesObserverTests`. See [#​3687](https://github.com/AzureAD/microsoft-identity-web/pull/3687).\n- Add validation baseline exclusions. See [#​3684](https://github.com/AzureAD/microsoft-identity-web/pull/3684).\n- Add dSTS integration tests. See [#​3677](https://github.com/AzureAD/microsoft-identity-web/pull/3677).\n- Fix FIC test. See [#​3663](https://github.com/AzureAD/microsoft-identity-web/pull/3663).\n- Update IdentityWeb version, build logic, and validation. See [#​3659](https://github.com/AzureAD/microsoft-identity-web/pull/3659).\n\n## 4.3.0\n\n### New features\n- Added token binding (mTLS PoP) scenario for confidential client (app-only) token acquisition and downstream API calls. See [#​3622](https://github.com/AzureAD/microsoft-identity-web/pull/3622).\n\n### Dependencies updates\n- Bumped **qs** from 6.14.0 to 6.14.1 in /tests/DevApps/SidecarAdapter/typescript. 
See [#​3660](https://github.com/AzureAD/microsoft-identity-web/pull/3660).\n\n### Documentation\n- Modernized Identity Web documentation, which can now be found in [docs](https://github.com/AzureAD/microsoft-identity-web/tree/master/docs). See [#​3566](https://github.com/AzureAD/microsoft-identity-web/pull/3566).\n- Added token binding (mTLS PoP) documentation. See [#​3661](https://github.com/AzureAD/microsoft-identity-web/pull/3661).\n\n## 4.2.0\n\n# What's Changed\n\n## New features\n\n- Added CAE claims support for FIC + Managed Identity. See #​3647 for details.\n- Added AddMicrosoftIdentityMessageHandler extension methods for IHttpClientBuilder. See #​3649 for details.\n\n## Bug fixes\n\n\n- Fixed tenant not being propagated in credential FIC acquisition. See #​3633 for details.\n- Fixed ForAgentIdentity hardcoded 'AzureAd' ConfigurationSection to respect AuthenticationOptionsName. See #​3635 for details.\n- Fixed GetTokenAcquirer to propagate MicrosoftEntraApplicationOptions properties. See #​3651 for details.\n- Added meaningful error message when identity configuration is missing. See #​3637 for details.\n\n## Dependencies updates\n\n- Update Microsoft.Identity.Abstractions to version 10.0.0.\n- Bump express from 5.1.0 to 5.2.0 in /tests/DevApps/SidecarAdapter/typescript. #​3636\n- Bump jws from 3.2.2 to 3.2.3 in /tests/DevApps/SidecarAdapter/typescript. #​3641\n\n## Fundamentals\n\n- Update support policy. #​3656\n- Update agent identity coordinates in E2E tests after deauth. #​3640\n- Update E2E agent identity configuration to new tenant. #​3646\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.1.1...4.2.0\n\n## 4.1.1\n\n### Bug fixes\n- Authority-only configuration parsing improvements: Early parsing of Authority into Instance/TenantId and defensive fallback in PrepareAuthorityInstanceForMsal. 
Behavior is backward compatible; Authority is still ignored when Instance/TenantId explicitly provided—now surfaced via a warning. See [#​3612](https://github.com/AzureAD/microsoft-identity-web/issues/3612).\n\n### New features\n- Added warning diagnostics for conflicting Authority vs Instance/TenantId: Emitting a single structured warning when both styles are provided. See [#​3611](https://github.com/AzureAD/microsoft-identity-web/issues/3611).\n\n### Fundamentals\n- Expanded authority test matrix: Coverage for AAD (v1/v2), B2C (/tfp/ normalization, policy path), CIAM (PreserveAuthority), query parameters, scheme-less forms, and conflict scenarios. See [#​3610](https://github.com/AzureAD/microsoft-identity-web/issues/3610).\n\n## 4.1.0\n\n### New features\n- Migrate to .NET 10 GA. [#​3449](https://github.com/AzureAD/microsoft-identity-web/pull/3449) and [#​3590](https://github.com/AzureAD/microsoft-identity-web/pull/3590)\n\n### Dependencies updates\n- Bump MSAL.NET to version [4.79.2](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/releases/tag/4.79.2) and handle changes to deprecated WithExtraQueryParameters APIs. [#​3583](https://github.com/AzureAD/microsoft-identity-web/pull/3583)\n- Update Microsoft.IdentityModel and Abstractions versions. [#​3604](https://github.com/AzureAD/microsoft-identity-web/pull/3604)\n- Update coverlet.collector to 6.0.4. [#​3587](https://github.com/AzureAD/microsoft-identity-web/pull/3587)\n- Update package validation baseline version to 4.0.0. [#​3589](https://github.com/AzureAD/microsoft-identity-web/pull/3589)\n- Bump js-yaml from 4.1.0 to 4.1.1 in /tests/DevApps/SidecarAdapter/typescript. [#​3595](https://github.com/AzureAD/microsoft-identity-web/pull/3595)\n\n### Entra ID SDK sidecar\n- Restrict hosts to localhost for sidecar. [#​3579](https://github.com/AzureAD/microsoft-identity-web/pull/3579)\n- Update http file to match endpoints. 
[#​3555](https://github.com/AzureAD/microsoft-identity-web/pull/3555)\n- Revise sidecar issue template for Entra ID. [#​3577](https://github.com/AzureAD/microsoft-identity-web/pull/3577)\n\n### Documentation\n- Update README to include Entra SDK container info. [#​3578](https://github.com/AzureAD/microsoft-identity-web/pull/3578)\n\n### Fundamentals\n- Include NET 9.0 in template-install-dependencies. [#​3593](https://github.com/AzureAD/microsoft-identity-web/pull/3593)\n- Fix CodeQL alerts. [#​3591](https://github.com/AzureAD/microsoft-identity-web/pull/3591)\n- Suppression file is needed. [#​3592](https://github.com/AzureAD/microsoft-identity-web/pull/3592)\n\n## 4.0.1\n\n## Bug fixes\n* Correctly compute Application Key when credential usage fails.\n* Fix bugs where agent user identities didn't work with non-default authentication schemes.\n\n## Fundamentals\n* Update .net version to CG compliance \n\n## Sidecar\n* Configure Sidecar to default AllowWebApiToBeAuthorizedByACL to true as the container doesn't do authZ\n\n\n## 4.0.0\n\n4.0.0\n=========\n### Breaking Changes\n**Removed support for .NET 6.0 and .NET 7.0** - Microsoft Identity Web 4.0.0 no longer targets .NET 6.0 and .NET 7.0, following Microsoft's support lifecycle. The supported target frameworks are now .NET 8.0, .NET 9.0, .NET Framework 4.6.2, .NET Framework 4.7.2, and .NET Standard 2.0.\n\nSee [MIGRATION_GUIDE_V4](https://github.com/AzureAD/microsoft-identity-web/blob/master/MIGRATION_GUIDE_V4.md)\n\n\n### New features\n- Various improvements to performance logging, authentication, and credential loading capabilities.\n- Bumped MSAL.NET to 4.77.1\n- Added credential description extensibility. For details, see [#​3487](https://github.com/AzureAD/microsoft-identity-web/pull/3487)\n- Added a new CerticateObserverAction type: SuccessfullyUsed and support for multiple certificate observers for improved certificate lifecycle management and telemetry. 
See [#​3505](https://github.com/AzureAD/microsoft-identity-web/pull/3505)\n- Add specification of OID (in addition to upn) when requesting an authorization header for Agent User Identity. See [#​3513](https://github.com/AzureAD/microsoft-identity-web/pull/3513)\n- Added ClaimsPrincipal and ClaimsIdentity extension methods for agent identity detection in web APIs enabling developers to easily detect agent identities and retrieve parent agent blueprint from token claims. See [#​3515](https://github.com/AzureAD/microsoft-identity-web/pull/3515)\n- Added MicrosoftIdentityMessageHandler for flexible HttpClient authentication. Provides composable alternative to DownstreamApi with per-request authentication configuration. Supports WWW-Authenticate challenge handling. See [#​3503](https://github.com/AzureAD/microsoft-identity-web/pull/3503)\n- Support for multiple certificate observers. See [#​3506](https://github.com/AzureAD/microsoft-identity-web/pull/3506)\n- The Microsoft.Identity.Web.Sidecar will provide a container solution for validation and token acquisition in any-language. See [#​3524](https://github.com/AzureAD/microsoft-identity-web/pull/3524)\n\n### Bug Fixes\n- Fixed TokenAcquirerFactory null reference when AppContext.BaseDirectory is root path. See [#​3443](https://github.com/AzureAD/microsoft-identity-web/pull/3443)\n- Fixed IDW10405 error when using managed identity with common tenant. See [#​3415](https://github.com/AzureAD/microsoft-identity-web/pull/3415)\n- Removed hard dependency on IConfiguration in OidcIdpSignedAssertionLoader. See [#​3414](https://github.com/AzureAD/microsoft-identity-web/pull/3414)\n\n### Fundamentals\n- Various improvements to .NET support and dependency optimizations.\n- Added doc for Agent identities. See [Agent identities](src/Microsoft.Identity.Web.AgentIdentities/README.AgentIdentities.md)\n- Combined and fixed test collections. 
See [#​3472](https://github.com/AzureAD/microsoft-identity-web/pull/3472)\n- Migrate repository agent rules from .clinerules to agents.md. See [#​3475](https://github.com/AzureAD/microsoft-identity-web/pull/3475)\n- Add .NET 6.x setup step to dotnetcore.yml workflow, as the default build agents don't have it any longer. See [#​3489](https://github.com/AzureAD/microsoft-identity-web/pull/3489)\n- Renamed NET 7 tests to ThreadingTests for framework independence. See [#​3501](https://github.com/AzureAD/microsoft-identity-web/pull/3501)\n\n\n## 3.14.1\n\n3.14.1\n=======\n\n## Bug fixes\n-  Support client secrets with agent user identities. See [#​3470](https://github.com/AzureAD/microsoft-identity-web/issues/3470) for details.\n\n\n\n3.14.0\n=======\n## New features\n- Support multi-tenant agent user identities. See [#​3461](https://github.com/AzureAD/microsoft-identity-web/issues/3461) for details.\n- Id Web now allows for passing of ExtraBodyParameters. See [#​3463](https://github.com/AzureAD/microsoft-identity-web/issues/3463) for details.\n\n\n## 3.13.1\n\n3.13.1\n=======\n### Dependencies updates\n- Microsoft.IdentityModel updated to version [8.14.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.14.0).\n\n## 3.13.0\n\n3.13.0\n=======\n### Dependencies updates\n- Microsoft.IdentityModel updated to version [8.13.1](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.13.1).\n- Microsoft.Abstractions updated to version [9.3.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/9.3.) and using IAuthenticationSchemeInformationProvider from that library, deprecating the interface of the same name in Microsoft.Identity.Web (introduced in 3.12.0).\n\n### Bug fixes\n- Fixed an issue with instantiation of TokenAcquirerFactory when AppContext.BaseDirectory is root path. 
See PR [#​3443](https://github.com/AzureAD/microsoft-identity-web/pull/3443) for details.\n\n### Fundamentals\n- Use cloud user in tests. See PR [#​3441](https://github.com/AzureAD/microsoft-identity-web/pull/3441) and [#​3442](https://github.com/AzureAD/microsoft-identity-web/pull/3442) for details.\n\n\n## 3.12.0\n\n3.12.0\n=======\n### Dependencies updates\n- Updated MSAL to version 4.74.1 part of [#​3398](https://github.com/AzureAD/microsoft-identity-web/pull/3435).\n\n## Bug fix\nReload certificates for all client credential based issues to solve the issue that when a bad certificate was installed on the machine and picked up, and subsequently rotated, a service restart was needed for the new certificate to be used. See issue [#​3429](https://github.com/AzureAD/microsoft-identity-web/issues/3429) and PR [#​3430](https://github.com/AzureAD/microsoft-identity-web/pull/3430) \n\n## New features\n* Include the thrown exception in CertificateChangeEventArg. See PR [#​3428](https://github.com/AzureAD/microsoft-identity-web/pull/3428) for better supportability.\n* Support for Agent User identities. See PR [#​3435](https://github.com/AzureAD/microsoft-identity-web/pull/3435)\n\n\n\n\n## 3.11.0\n\n3.11.0\n=======\n### Dependencies updates\n- Updated `global.json` to the latest .NET 9 runtime framework 9.0.108. See PR [#​3422](https://github.com/AzureAD/microsoft-identity-web/pull/3422) for details.\n\n### Bug fixes\n- Fix `IDW10405` error when using managed identity with common tenant. See PR [#​3415](https://github.com/AzureAD/microsoft-identity-web/pull/3415) for details.\n- Fix `OidcIdpSignedAssertionLoader` to remove hard dependency on IConfiguration registration. See PR [#​3414](https://github.com/AzureAD/microsoft-identity-web/pull/3414) for details.\n\n### New feature\n- Add support for `ExtraHeaderParameters` and `ExtraQueryParameters` properties on `DownstreamApiOptions` to simplify adding custom headers and query parameters to downstream API requests. 
See PR [#​3413](https://github.com/AzureAD/microsoft-identity-web/pull/3413) for details.\n- Add better support for Azure SDK. For details see [Readme-Azure](./src/Microsoft.Identity.Web.Azure/README-Azure.md) and PR [#​3416](https://github.com/AzureAD/microsoft-identity-web/pull/3416)\n\n## What's Changed\n* Update Abstractions version and the public API files after 3.10.0 release by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3407\n* Update Directory.Build.props by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3404\n* Fix IDW10405 error when using managed identity with common tenant by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3415\n* Add ExtraHeaderParameters and ExtraQueryParameters support to DownstreamApi by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3413\n* Fix OidcIdpSignedAssertionLoader to remove hard dependency on IConfiguration registration by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3414\n* Update global.json by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3422\n* Improved experience for Azure SDKs with Microsoft Identity Platform authentication by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3416\n* Update 3.11 changelog by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3423\n* update test certs by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3424\n\n## New Contributors\n* @​Copilot made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3415\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.10.0...3.11.0\n\n## 3.10.0\n\n3.10.0\n=======\n### Dependencies updates\n- Updated MSAL to version 4.73.1 ([#​3398](https://github.com/AzureAD/microsoft-identity-web/pull/3398)).\n- Updated `global.json` to the latest .NET 9 runtime framework 9.0.107 
([#​3385](https://github.com/AzureAD/microsoft-identity-web/pull/3385)).\n\n### New feature\n- Added support for Agent Identities ([#​3396](https://github.com/AzureAD/microsoft-identity-web/issues/3396), [#​3402](https://github.com/AzureAD/microsoft-identity-web/pull/3402)).  \n  introducing the `Microsoft.Identity.Web.AgentIdentities` package .\n\n### Bug fixes\n- Processed codeQL issues\n\n### Fundamentals\n- improved unit tests for OidcFic with the new SignedAssertionFmiPath\n\n## 3.9.4\n\n3.9.4\n=======\n### Package updates\n- Microsoft.IdentityModel updated to version [8.12.1](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.12.1).\n\n### Bug fix\n- Updates the `DefaultAuthorizationHeaderProvider` to update the `AcquireTokenOptions.LongRunningWebApiSessionKey` after the token is acquired so that the key can be used in the next OBO call. See PR [#​3381](https://github.com/AzureAD/microsoft-identity-web/pull/3381) for details.\n\n### Fundamentals\n- Update .NET SDK version to 9.0.107 used when building or running the code. See [#​3385](https://github.com/AzureAD/microsoft-identity-web/pull/3385) for details.\n- Improved test coverage for managed identity flows. 
See [#​3350](https://github.com/AzureAD/microsoft-identity-web/pull/3350) for details.\n\n## What's Changed\n* Add Claims and Capability Support to Managed Identity Flows by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3350\n* Adding fix for OBO cache key error in long running OBO with DefaultAuthorizationHeaderProvider by @​trwalke in https://github.com/AzureAD/microsoft-identity-web/pull/3381\n* Update global.json by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3385\n* changelog 3.9.4 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3386\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.9.3...3.9.4\n\n## 3.9.3\n\n3.9.3\n=======\n### Package updates\n- Microsoft.IdentityModel updated to version [8.12.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.12.0).\n\n### Fundamentals\n- Add `.clinerules` to help with AI tooling.\n- **Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0**  Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added).  
For details see [#​3379](https://github.com/AzureAD/microsoft-identity-web/pull/3379)\n\n## What's Changed\n* Update M.IM 8.11 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3373\n* add ai assist rules by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3376\n* Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3379\n* changelog 3.9.3 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3380\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.9.2...3.9.3\n\n## 3.9.2\n\n3.9.2\n=======\n### Package updates\n- Microsoft.IdentityModel updated to version [8.11.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.11.0).\n- MSAL.NET updated to version [MSAL.NET 4.72.1](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/tag/4.72.1).\n\n### Fundamentals:\n- Fix invalid comparisons in prop and csproj files. For details see [#​3297](https://github.com/AzureAD/microsoft-identity-web/pull/3297).\n\n## What's Changed\n* Release notes and cleanup by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3367\n* Remove invalid comparisons by @​keegan-caruso in https://github.com/AzureAD/microsoft-identity-web/pull/3368\n* update to MSAL 4.72.1 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3369\n* update 3.9.2 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3372\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.9.1...3.9.2\n\n## 3.9.1\n\n3.9.1\n========\n### Package updates\n- Microsoft.Identity.Abstractions updated to version [9.1.0](https://github.com/AzureAD/azure-identity-abstractions/releases/tag/9.1.0).\n\n### Fundamentals\n- Fix AoT warnings. 
For details see [#​3366](https://github.com/AzureAD/microsoft-identity-web/pull/3366).\n\n## What's Changed\n* Fix AoT warnings (and update to Abstractions 9.1.0) by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3366\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.9.0...3.9.1\n\n## 3.9.0\n\n3.9.0\n========\n### Package updates\n- Microsoft.IdentityModel updated to version [8.10.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.10.0).\n- MSAL.NET updated to version [MSAL.NET 4.72.0](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/tag/4.72.0).\n\n### Bug fixes\n- Fixed issue where RequiredScopeOrAppPermission extension method didn’t work with Minimal APIs. See [#​3323](https://github.com/AzureAD/microsoft-identity-web/issues/3323).\n- Resolved IL warnings from AddDownstreamApis in NativeAOT projects. See [#​3355](https://github.com/AzureAD/microsoft-identity-web/issues/3360).\n- Ensured AcquireTokenForConfidentialClient correctly passes MSAL exceptions. See [#​3345](https://github.com/AzureAD/microsoft-identity-web/issues/3345).\n- Prevented null reference when accessing MergedOptions instance. See [#​3337](https://github.com/AzureAD/microsoft-identity-web/issues/3337).\n\n### New feature\n - Added optional login_hint and domain_hint support to AccountController.SignIn endpoint. See [#​3244](https://github.com/AzureAD/microsoft-identity-web/issues/3244) and [#​3348](https://github.com/AzureAD/microsoft-identity-web/pull/3348/files).\n\n### Fundamentals\n- Introduced Long-Term Support (LTS) policy. See [#​3357](https://github.com/AzureAD/microsoft-identity-web/commit/b6ff65bb4f49289c914100c3a382fa16da2b5508).\n- Added tests to validate xms_cc (client capability) forwarding in CCA flows. 
See [#​3349](https://github.com/AzureAD/microsoft-identity-web/issues/3349).\n\n### External contributions\nThank you @​evan-buss for your contribution and fixing the issue where RequiredScopeOrAppPermission extension method didn’t work with Minimal APIs. See [#​3323](https://github.com/AzureAD/microsoft-identity-web/issues/3323).\nThank you @​neha-bhargava for your contribution and ensuring AcquireTokenForConfidentialClient correctly passes MSAL exceptions. See [#​3345](https://github.com/AzureAD/microsoft-identity-web/issues/3345).\n\n## 3.8.4\n\n3.8.4\n========\n### Package updates\n- Microsoft.IdentityModel updated to version [8.8.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.8.0).\n- MSAL.NET updated to version [MSAL.NET 4.71.0](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/tag/4.71.0).\n\n### Bug fixes\n- Fixed the issue where FmiPath was not persisted when copying/reinitializing AcquireTokenOptions. See [#​3336](https://github.com/AzureAD/microsoft-identity-web/issues/3336).\n\n### New feature\n- Added support for Linux-friendly devcontainers. See [#​3333](https://github.com/AzureAD/microsoft-identity-web/issues/3333) and [#​3339](https://github.com/AzureAD/microsoft-identity-web/pull/3339).\n\n### Fundamentals\n- Removed System.Text.Json as an explicit dependency for .NET Core targets. See [#​3331](https://github.com/AzureAD/microsoft-identity-web/issues/3331).\n\n## 3.8.3\n\n3.8.3\n========\n### Package updates\n- Updated to Microsoft.IdentityModel.* [8.8.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.8.0)\n- Updated to [MSAL.NET 4.70.1](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/tag/4.70.1)\n  \n### New feature\n- `TokenAcquistion.cs` adds its service provider to the acquisition options. 
See issue [#​3315](https://github.com/AzureAD/microsoft-identity-web/issues/3315) for details.\n\n\n## 3.8.2\n\n3.8.2\n========\n- Updated to Microsoft.Identity.Abstractions [9.0.0](https://github.com/AzureAD/microsoft-identity-abstractions-for-dotnet/releases/tag/9.0.0)\n\n### New feature\n- An exception is now thrown if MSAL `TokenCacheNotificationArgs` indicates that distributed cache is configured when it should not have been. See [#​3304](https://github.com/AzureAD/microsoft-identity-web/issues/3304).\n- Added support for federated identity credentials with AT_POP. See [#​3299](https://github.com/AzureAD/microsoft-identity-web/pull/3299).\n\n## 3.8.1\n\n### New features\n- Updated to Microsoft.IdentityModel.* [8.7.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.7.0)\n\n### Bug fixes\n- Pins Microsoft.Extensions.Http dependency version to 3.1.3 for .NET Framework and .NET Standard and uses inbox version for .NET Core. See [#​3145](https://github.com/AzureAD/microsoft-identity-web/issues/3145).\n\n## What's Changed\n* Post release cleanup by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3291\n* update MIM by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3292\n* Updates CodeQL.yaml to exclude test files by @​sruke in https://github.com/AzureAD/microsoft-identity-web/pull/3294\n* Make Microsoft.Extensions.Http dependency framework friendly by @​ksaaf in https://github.com/AzureAD/microsoft-identity-web/pull/3296\n* Update to IdentityModel 8.7.0 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3307\n\n## New Contributors\n* @​ksaaf made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3296\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.8.0...3.8.1\n\n## 3.8.0\n\n3.8.0\n========\n### New feature\n- Updated to Microsoft.IdentityModel.* 
[8.6.1](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.6.1)\n- Updated to [MSAL.NET](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet) 4.69.1\n- Updated the Json Schema to include extensibility for signed assertion providers. See [#​3235](https://github.com/AzureAD/microsoft-identity-web/pull/3235)\n- Added support for Federation Identity Credential on any OIDC Idp (FIC+OIDC credential provider). See [#​3255](https://github.com/AzureAD/microsoft-identity-web/pull/3255)\n- Support for acquiring token for Federation Managed Identity (FMI). Supports the `FmiPath` property of `AcquireTokenOptions`. See [#​3247](https://github.com/AzureAD/microsoft-identity-web/issues/3247)\n- Downstream APIs now support Authorization headers with a custom SAML bearer syntax. See [#​3273](https://github.com/AzureAD/microsoft-identity-web/pull/3273)\n\n## Bug fixes\n- TokenAcquirerFactory is now thread safe. See [#​3274](https://github.com/AzureAD/microsoft-identity-web/pull/3274)\n- Fix a bug in the parsing of the token in the authority. See [#​3261](https://github.com/AzureAD/microsoft-identity-web/pull/3261)\n\n## Fundamentals\n- Removed old Blazorwasm sample, wasm-tools and added new blazor web API: [#​3259](https://github.com/AzureAD/microsoft-identity-web/pull/3259), [#​3257](https://github.com/AzureAD/microsoft-identity-web/pull/3257), [#​3254](https://github.com/AzureAD/microsoft-identity-web/pull/3254)\n- Modified the build so that, in CI/CD internal builds, the NuGet.org NuGet source is replaced by a managed Nuget source. More verbose information added. See [#​3263](https://github.com/AzureAD/microsoft-identity-web/pull/3263)\n- Fixed CS8602 Warnings in Weather.razor (BlazorApp) – Handle Nullable forecasts and user.Identity. 
See [#​3266](https://github.com/AzureAD/microsoft-identity-web/pull/3266),\n\n## What's Changed\n* Update changelog.md by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3246\n* Lozensky/add fmi path by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3247\n* Lozensky/perf fix graph service client by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3251\n* M.IM 8.6.0 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3252\n* Jennyf/blazor prototype by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3254\n* remove old blazor apps by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3257\n* Remove step for installing wasm-tools in the build by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3259\n* Fix for Remove NuGet Source steps (now with enhanced logging) by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3263\n* Add CustomSignedAssertion to Credentials.json by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3235\n* Fix CS8602 Warnings in Weather.razor (BlazorApp) – Handle Nullable forecasts and user.Identity by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3266\n* Add Support for Custom Saml Bearer in HttpRequest Headers by @​sthanu98 in https://github.com/AzureAD/microsoft-identity-web/pull/3273\n* comment out the code coverage by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3279\n* update msal to 4.69.1 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3281\n* FIC+OIDC credential provider by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3255\n* Update the IdWeb version number by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3280\n* Locking Down the TokenAcquirerFactory by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3274\n* 
Fix authority parsing logic by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3261\n* Update changelog.md for Id.web 3.8.0 by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3285\n\n## New Contributors\n* @​sthanu98 made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3273\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.7.1...3.8.0\n\n## 3.7.1\n\n3.7.1\n========\n- Updated to Microsoft.IdentityModel.* [8.5.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.5.0)\n\n## 3.7.0\n\n3.7.0\n========\n- Updated to Microsoft.Identity.Abstractions [8.1.0](https://github.com/AzureAD/microsoft-identity-abstractions-for-dotnet/releases/tag/8.1.0)\n- Updated to Microsoft.IdentityModel.* [8.4.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.4.0)\n\n### New Feature\n- IdentityWeb now provides extensibility to `DefaultCredentialsLoader` so that partner teams, or an SDK on top of IdWeb, can bring their own credential providers. See [#​3220](https://github.com/AzureAD/microsoft-identity-web/issues/3220) for details.\n\n## Bug fixes\n- The merged options are now being passed to MSAL for the CCA ROPC scenario. 
See [#​3207](https://github.com/AzureAD/microsoft-identity-web/issues/3207) for details.\n\n## What's Changed\n* changelog update by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3216\n* Pass the assertion options to MSAL for ROPC call by @​neha-bhargava in https://github.com/AzureAD/microsoft-identity-web/pull/3217\n* Update global.json to 9.0.102 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3222\n* Bump the notsecurity group with 3 updates by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3219\n* update abstractions to 8.1.0 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3224\n* update benchmark by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3229\n* Adding Extensibility for Custom Signed Assertion Providers by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3226\n* Update changelog.md 3.7.0 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3233\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.6.2...3.7.0\n\n## 3.6.2\n\n3.6.2\n========\n- Updated to Microsoft.Identity.Abstractions [8.0.0](https://github.com/AzureAD/microsoft-identity-abstractions-for-dotnet/releases/tag/8.0.0)\n\n## Fundamentals\n- Clean-up the tests that were using properties removed in Abstractions 8.0.0. 
See issue [#​3212](https://github.com/AzureAD/microsoft-identity-web/issues/3212) for details.\n\n## What's Changed\n* Bump the notsecurity group across 1 directory with 3 updates by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3211\n* Suppress TFM Build Warnings by @​kllysng in https://github.com/AzureAD/microsoft-identity-web/pull/3210\n* Fixing 3212 and cleaning-up technical debt by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3213\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.6.1...3.6.2\n\n## 3.6.1\n\n3.6.1\n========\n- Updated to Microsoft.Identity.Abstractions [7.2.1](https://github.com/AzureAD/microsoft-identity-abstractions-for-dotnet/releases/tag/7.2.1)\n\n## 3.6.0\n\n3.6.0\n========\n- Updated to Microsoft.IdentityModel.* 8.3.1\n- Updated to [MSAL.NET](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet) 4.67.2\n\n## Bug fixes\n- Checks that B2C tokens don't contain the claims used by Identity Web to represent the home tenant and object ID (obtained from the UserInfo endpoint). See https://github.com/AzureAD/microsoft-identity-web/pull/3131\n- Remove explicit locking in `OpenIdConnectCachingSecurityTokenProvider`. See Issue [#​3078](https://github.com/AzureAD/microsoft-identity-web/issues/3078)\n\n\n## Fundamentals\n- Fix Null Reference Exception in OwinTokenAcquirerFactory + other OWIN cleanup. See https://github.com/AzureAD/microsoft-identity-web/pull/3183\n- Re-add code coverage comments \u0026 scope to src files. 
See https://github.com/AzureAD/microsoft-identity-web/issues/3177\n\n## What's Changed\n* Update changelog.md by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3161\n* Update global.json by @​keegan-caruso in https://github.com/AzureAD/microsoft-identity-web/pull/3163\n* Use ExtraQP to inject telemetry SDK ID by @​bgavrilMS in https://github.com/AzureAD/microsoft-identity-web/pull/2973\n* Fix 3167 (package downgrade when referencing IdentityModel.Tokens from dev) by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3168\n* Add Warning Quality Check Build Task 🔨 by @​kllysng in https://github.com/AzureAD/microsoft-identity-web/pull/3169\n* Treat warnings as errors by @​keegan-caruso in https://github.com/AzureAD/microsoft-identity-web/pull/3166\n* Revert: Warning Quality Check Build Task by @​alexholub113 in https://github.com/AzureAD/microsoft-identity-web/pull/3172\n* fix warnings in idweb and readd warnings as errors by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3173\n* Add checks to protect the internal claims used by MIW. 
Ref: issue #​2968 by @​DOMZE in https://github.com/AzureAD/microsoft-identity-web/pull/3131\n* use only src files and re-add comments by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3176\n* Update dotnet actions by @​sebastienros in https://github.com/AzureAD/microsoft-identity-web/pull/3175\n* - Fixes 3181 by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3183\n* Add retry logic to stabilize flaky UI tests by @​kllysng in https://github.com/AzureAD/microsoft-identity-web/pull/3180\n* Add null handling for process output/error data in UiTestHelpers by @​kllysng in https://github.com/AzureAD/microsoft-identity-web/pull/3184\n* package updates from dependabot by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3185\n* Fix E2E tests persistent flakiness + build hanging by @​kllysng in https://github.com/AzureAD/microsoft-identity-web/pull/3188\n* Revert WaitForProcess in UI Tests by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3189\n* Update to use MSAL 4.67.1 by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3193\n* Update to use MSAL 4.67.2 by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3200\n* Remove explicit locking in OpenIdConnectCachingSecurityTokenProvider by @​keegan-caruso in https://github.com/AzureAD/microsoft-identity-web/pull/3202\n* 3.6.0 changelog by @​kllysng in https://github.com/AzureAD/microsoft-identity-web/pull/3203\n\n## New Contributors\n* @​DOMZE made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3131\n* @​sebastienros made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3175\n* @​gladjohn made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3193\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.5.0...3.6.0\n\n## 3.5.0\n\n## Bug fixes\n* Ensure Singleton registration for 
TokenAcquisition Services when TokenAcquirerFactory is null. See https://github.com/AzureAD/microsoft-identity-web/pull/3155\n* Don't modify the merged options when building the confidential client. See https://github.com/AzureAD/microsoft-identity-web/pull/3137\n\n## Fundamentals\n* Install all .NET versions in pipeline, including .NET 9. See https://github.com/AzureAD/microsoft-identity-web/pull/3152\n* Upgrade to C# 13. See https://github.com/AzureAD/microsoft-identity-web/pull/3138\n* Specify sdk version in global.json. See https://github.com/AzureAD/microsoft-identity-web/pull/3156\n* Disable Coverage PR comments. See https://github.com/AzureAD/microsoft-identity-web/pull/3159\n\n## What's Changed\n* Install all .NET versions in pipeline to fix run tests task by @​msbw2 in https://github.com/AzureAD/microsoft-identity-web/pull/3152\n* Upgrade to C# 13 by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3138\n* Specify sdk version in global.json by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3156\n* Ensure Singleton registration for TokenAcquisition Services when TokenAcquirerFactory is null by @​sruke in https://github.com/AzureAD/microsoft-identity-web/pull/3155\n* Disable Coverage PR comments by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3159\n* Don't modify the merged options when building the confidential client by @​keegan-caruso in https://github.com/AzureAD/microsoft-identity-web/pull/3137\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.4.0...3.5.0\n\n## 3.4.0\n\n3.4.0\n========\n- Updated to Microsoft.IdentityModel.* 8.2.1\n- Updated to Microsoft.Identity.Abstractions 7.2.0\n\n### New features\n- Add ROPC flow support for confidential client applications. 
See [3091](https://github.com/AzureAD/microsoft-identity-web/issues/3091), [3129](https://github.com/AzureAD/microsoft-identity-web/issues/3129), [3139](https://github.com/AzureAD/microsoft-identity-web/issues/3139).\n- Allow multi-tenant applications to specify the AppHomeTenantId to be used for client credentials. See [3121](https://github.com/AzureAD/microsoft-identity-web/issues/3121), [3132](https://github.com/AzureAD/microsoft-identity-web/pull/3132).\n- Update to use .NET 9 GA. See [3127](https://github.com/AzureAD/microsoft-identity-web/issues/3127).\n\n## What's Changed\n* Add API and make ROPC call by @​neha-bhargava in https://github.com/AzureAD/microsoft-identity-web/pull/3103\n* Fixing the ROPC test that broke the build by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3133\n* Use AppHomeTenantId for acquiring app token when TenantId is not tenant by @​msbw2 in https://github.com/AzureAD/microsoft-identity-web/pull/3132\n* Add extensibility to update parameters for ROPC flow by @​neha-bhargava in https://github.com/AzureAD/microsoft-identity-web/pull/3130\n* Declare ROPC extensions in net 9 API by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3136\n* update dependencies to .net 9 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3141\n* Update the extensibility to add user by @​neha-bhargava in https://github.com/AzureAD/microsoft-identity-web/pull/3140\n* Update to .NET 9 GA. Update some test dependencies. by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3134\n* update playwright and remove net9.0 for UI tests by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3148\n* Update changelog 3.4.0. 
by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3149\n* update wilson post-release by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3150\n\n## New Contributors\n* @​neha-bhargava made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3103\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.3.1...3.4.0\n\n## 3.3.1\n\n3.3.1\n========\n- Updated to Microsoft.IdentityModel.* 8.2.0\n\n### Supportability\n- Added JSON schema support for Microsoft.Identity.Web configuration. This allows for schema validation in the `appsettings.json`, improving configuration accuracy and developer experience. To use it, add the following at the top of your appsettings.json:\n`\"$schema\": \"https://github.com/AzureAD/microsoft-identity-web/blob/master/JsonSchemas/microsoft-identity-web.json\"`\nThis update enhances the configuration process by providing clear structure and validation for settings used in Microsoft.Identity.Web. See PR [#​3119](https://github.com/AzureAD/microsoft-identity-web/pull/3119) for details.\n\n### Fundamentals\n- Fix a flaky test in the L1L2Cache tests. 
See PR [#​3122](https://github.com/AzureAD/microsoft-identity-web/pull/3122) for details.\n\n## What's Changed\n* Update changelog.md to fix release 3.2.2 which had a breaking change by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3116\n* Bump the notsecurity group with 19 updates by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3115\n* Adding a json schema for Microsoft.Identity.Web configuration by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3119\n* Fixed flaky tests by @​alexholub113 in https://github.com/AzureAD/microsoft-identity-web/pull/3122\n* Update changelog.md 3.3.1 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3123\n* Add Ask Mode Change Template by @​kellyyangsong in https://github.com/AzureAD/microsoft-identity-web/pull/3110\n\n## New Contributors\n* @​alexholub113 made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3122\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.3.0...3.3.1\n\n## 3.3.0\n\n3.3.0\n========\n- Updated to Microsoft.Identity.Client 4.66.0\n- Update system.Text.Json to 8.0.5 CVE-2024-43485\n- Updated to .NET 9 RC2\n \n### New features\n- Microsoft.Identity.Web token acquisition now provides an extensibility mechanism to enlight non-standard features. For details, see [#​2975](https://github.com/AzureAD/microsoft-identity-web/issues/2975)\n\n### Fundamentals\n- Split DownstreamApi methods between AoT compatible and incompatible methods by @​SaurabhMSFT in https://github.com/AzureAD/microsoft-identity-web/pull/3090\n- ASP.NET Core (and other) cross-link updates by @​guardrex in https://github.com/AzureAD/microsoft-identity-web/pull/3096. Thank you!\n- Onboarded to Threading Analyzers. 
For details, see [#​3052](https://github.com/AzureAD/microsoft-identity-web/issues/3052)\n- display code coverage as PR comments\n- Fix flaky EncryptionTestAsync on .NET 9.\n\n## What's Changed\n* Bump System.Text.Json from 8.0.4 to 8.0.5 in /tools/ConfigureGeneratedApplications by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3069\n* Bump Microsoft.Identity.Web.DownstreamApi, Microsoft.Extensions.Logging.Abstractions, System.Text.Json, System.Text.Encodings.Web, Microsoft.AspNetCore.DataProtection, System.Security.Cryptography.Xml, Microsoft.Extensions.Caching.Memory, Microsoft.Extensions.Logging, Microsoft.Extensions.DependencyInjection, System.Formats.Asn1, System.Security.Cryptography.Pkcs, Microsoft.Extensions.Configuration.Binder, Microsoft.Extensions.Configuration.EnvironmentVariables, Microsoft.Extensions.Configuration and Microsoft.Extensions.Options.ConfigurationExtensions by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3073\n* Bump Microsoft.Identity.Web.MicrosoftGraph, Microsoft.Extensions.Logging.Abstractions, System.Text.Json, System.Text.Encodings.Web, Microsoft.AspNetCore.DataProtection, System.Security.Cryptography.Xml, Microsoft.Extensions.Caching.Memory, Microsoft.Extensions.Logging, Microsoft.Extensions.DependencyInjection, System.Formats.Asn1, System.Security.Cryptography.Pkcs, Microsoft.Extensions.Configuration.Binder, Microsoft.Extensions.Configuration.EnvironmentVariables, Microsoft.Extensions.Configuration and Microsoft.Extensions.Options.ConfigurationExtensions by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3072\n* Bump Microsoft.Identity.Web, Microsoft.Extensions.Logging.Abstractions, System.Text.Json, System.Text.Encodings.Web, Microsoft.AspNetCore.DataProtection, System.Security.Cryptography.Xml, Microsoft.Extensions.Caching.Memory, Microsoft.Extensions.Logging, Microsoft.Extensions.DependencyInjection, System.Formats.Asn1, System.Security.Cryptography.Pkcs, 
Microsoft.Extensions.Configuration.Binder, Microsoft.Extensions.Configuration.EnvironmentVariables, Microsoft.Extensions.Configuration, Microsoft.Extensions.Configuration.Json, Microsoft.Extensions.Options.ConfigurationExtensions and Microsoft.Extensions.Hosting by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3070\n* update system.Text.Json to 8.0.5 CVE-2024-43485 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3074\n* another update by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3075\n* Onboard Id Web to Threading Analyzers by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3041\n* Update .NET 9 to RC 2 by @​msbw2 in https://github.com/AzureAD/microsoft-identity-web/pull/3082\n* Align editor config with other libraries by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3079\n* Fix reflection in MemoryCache tests to support both versions seen in .NET 9 RCs by @​msbw2 in https://github.com/AzureAD/microsoft-identity-web/pull/3085\n* Use nuget config file by @​SaurabhMSFT in https://github.com/AzureAD/microsoft-identity-web/pull/3083\n* Fix EncryptionTestAsync on .NET 9 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3088\n* Update GitHub Action to run unit tests by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3089\n* Update template-install-dependencies.yaml by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3092\n* Fix DevEx and IDDP builds by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3093\n* Mark IdWeb APIs as shipped by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3086\n* Update version by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3094\n* Split aot compatible and incompatible methods by @​SaurabhMSFT in https://github.com/AzureAD/microsoft-identity-web/pull/3090\n* ASP.NET Core (and other) cross-link 
updates by @​guardrex in https://github.com/AzureAD/microsoft-identity-web/pull/3096\n* update to MSAL 4.66 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3095\n* Remove swagger dependencies by @​msbw2 in https://github.com/AzureAD/microsoft-identity-web/pull/3099\n* Upgrade versions by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3098\n* Upgrading MSAL version by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3104\n* Grouping Dependabot Updates by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3105\n* Microsoft.Identity.Web token acquisition extensions by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3005\n* display code coverage as PR comments by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3107\n* Use Nuget config file by @​SaurabhMSFT in https://github.com/AzureAD/microsoft-identity-web/pull/3112\n* Update changelog.md for 3.3.0 by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3113\n\n## New Contributors\n* @​guardrex made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3096\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.2.2...3.3.0\n\n## 3.2.2\n\n3.2.2\n=========\n- Updated to Microsoft.IdentityModel.* 8.1.2\n\n## 3.2.1\n\n3.2.1\n=========\n- Updated to Microsoft.IdentityModel.* 8.1.1\n\n## What's Changed\n* update id web after releases by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3035\n* update net 9 version to rc 1 in build script by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3036\n* add disable discover enumeration = true for theory tests by @​kellyyangsong in https://github.com/AzureAD/microsoft-identity-web/pull/3042\n* Bump Microsoft.Identity.Client from 4.64.1 to 4.65.0 by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3040\n* Removed 
ConfigureAwait(false) from flaky tests by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3045\n* removed ConfigureAwait(false) from all tests by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3051\n* 3.2.1 Changelog by @​kellyyangsong in https://github.com/AzureAD/microsoft-identity-web/pull/3054\n* update xunit versions by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3053\n* IdentityModel 8.1.1 update by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3056\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.2.0...3.2.1\n\n## 3.2.0\n\n3.2.0\n=========\n- Updated to Microsoft.Identity.Abstractions 7.1.0\n- Updated to Microsoft.IdentityModel.* 8.1.0\n- Updated to Microsoft.Identity.Client 4.64.1\n \n### New features\n- In .NET 8 and above, `IDownstreamApi` overloads take a `JsonTypeInfo\u003cT\u003e` parameter to enable source generated JSON deserialization. See issue [#​2930](https://github.com/AzureAD/microsoft-identity-web/issues/2930) for details.\n\n### Bug fixes:\n- Azure region is used while creating application keys when the TokenAcquisition service caches application objects, and the TokenAcquirerFactory caches TokenAcquirer. See [#​3002](https://github.com/AzureAD/microsoft-identity-web/pull/3002) for details.\n- Improved error messages for FIC. See issue [#​3000](https://github.com/AzureAD/microsoft-identity-web/issues/3000) for details.\n\n### Fundamentals:\n- Improved test coverage for `GetCacheKey`. See PR [#​3020](https://github.com/AzureAD/microsoft-identity-web/pull/3020) for details.\n- Update to .NET 9-RC1. See issue [#​3025](https://github.com/AzureAD/microsoft-identity-web/issues/3025) for details.\n- Fix static analysis warnings. 
See PR [#​3024](https://github.com/AzureAD/microsoft-identity-web/pull/3024) for details.\n\n\n## 3.1.0\n\n3.1.0\n=========\n- Updated to Microsoft.IdentityModel.* 8.0.2\n\n### Security improvement:\n- Id Web now uses `CaseSensitiveClaimsIdentity` by default and provides AppContextSwitches to fall back to using `ClaimsIdentity`. This means that when you look up claims with FindFirst(), FindAll() and HasClaim(), you need to provide the right casing for the claim. See PR [#​2977](https://github.com/AzureAD/microsoft-identity-web/pull/2977) for details.\n\n### Bug fixes:\n- For SN/I scenarios, Id Web's `GetTokenAcquirer` now sets `SendX5C` in particular protocols. See issue [#​2887](https://github.com/AzureAD/microsoft-identity-web/issues/2887) for details.\n- Fix for Instance/Tenant parsing for V2 authority (affected one Entra External IDs scenario). See PR [#​2954](https://github.com/AzureAD/microsoft-identity-web/issues/2954) for details.\n- Fix regex that threw a format exception: `The input string \" was not in a correct format` when enabling *same-site cookie compatibility* with userAgent: \"Dalvik/2.1.0 (Linux; U; Android 12; Chromecast Build/STTE.230319.008.H1). See issue [#​2879](https://github.com/AzureAD/microsoft-identity-web/issues/2879) for details.\n- Microsoft.Identity.Web 3.1.0 now has an upper bound set on its dependency on Microsoft.Identity.Abstractions to version 7x to avoid referencing Microsoft.Identity.Abstractions 8.0.0, which has an interface breaking change, not yet implemented in Microsoft.Identity.Web. 
See PR [#​2962](https://github.com/AzureAD/microsoft-identity-web/pull/2962) for details.\n  \n### Fundamentals:\n- Fix flakey tests: [#​2972](https://github.com/AzureAD/microsoft-identity-web/pull/2972), [#​2984](https://github.com/AzureAD/microsoft-identity-web/pull/2984), [#​2982](https://github.com/AzureAD/microsoft-identity-web/issues/2982), \n- Update to `AzureKeyVault@​2` in AzureDevOps, [#​2981](https://github.com/AzureAD/microsoft-identity-web/pull/2981).\n- Update to .NET 9-preview7, [#​2980](https://github.com/AzureAD/microsoft-identity-web/pull/2980) and [#​2991](https://github.com/AzureAD/microsoft-identity-web/pull/2991).\n- It's now possible to build a specific version of Microsoft.Identity.Web based on specific versions of Microsoft.IdentityModel and Microsoft.Identity.Abstractions by specifying build variables on the dotnet pack command (MicrosoftIdentityModelVersion, MicrosoftIdentityAbstractionsVersions, and MicrosoftIdentityWebVersion): [#​2974](https://github.com/AzureAD/microsoft-identity-web/pull/2974), [#​2990](https://github.com/AzureAD/microsoft-identity-web/pull/2990)\n\n## What's Changed\n* Add X5C to MSAuth POP by @​bgavrilMS in https://github.com/AzureAD/microsoft-identity-web/pull/2950\n* Update CSPROJ with README by @​localden in https://github.com/AzureAD/microsoft-identity-web/pull/2956\n* Fix Instance/Tenant Parsing for V2 Authority by @​jackj-msft in https://github.com/AzureAD/microsoft-identity-web/pull/2954\n* Check that regex succeeded and value is an integer. 
by @​brentschmaltz in https://github.com/AzureAD/microsoft-identity-web/pull/2958\n* Set upper bound on Abstractions by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/2962\n* Removing 2.x versions post 3.0.0-preview1 by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/2967\n* Fix test instability by @​keegan-caruso in https://github.com/AzureAD/microsoft-identity-web/pull/2971\n* Fix AT POP tests by @​keegan-caruso in https://github.com/AzureAD/microsoft-identity-web/pull/2972\n* Update to net 9 preview 7 by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/2980\n* Updating AzureKeyVault task to version 2 by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/2981\n* [test] updates for one build by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/2974\n* Disable ciam test by @​keegan-caruso in https://github.com/AzureAD/microsoft-identity-web/pull/2983\n* Ensure that SimulateOidc is built before IntegrationTests (that use it) by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/2984\n* skip more CIAM E2E tests by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/2985\n* remove grpc in E2E test by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/2986\n* Jennyf/fix slice by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/2988\n* reenable other ciam test by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/2989\n* Jennyf/client sem ver by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/2990\n* Fix Id Web Build by @​FuPingFranco in https://github.com/AzureAD/microsoft-identity-web/pull/2991\n* Add BannedApiAnalyzers to prevent use of ClaimsIdentity constructors and AppContextSwitches for fallback by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/2977\n\n## New Contributors\n* @​localden made their first contribution in 
https://github.com/AzureAD/microsoft-identity-web/pull/2956\n* @​jackj-msft made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/2954\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.0.1...3.1.0\n\n## 3.0.1\n\n3.0.1\n=========\n- Updated to Microsoft.IdentityModel.* 8.0.1\n\n## 3.0.0\n\n3.0.0\n=========\n### CVE package updates\n[CVE-2024-30105](https://github.com/advisories/GHSA-hh2w-p6rv-4g7w)\n- See PR [#​2929](https://github.com/AzureAD/microsoft-identity-web/pull/2929) ....\n\n_Description has been truncated_","html_url":"https://github.com/ITU-BDSA23-GROUP22/Chirp/pull/110","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ITU-BDSA23-GROUP22%2FChirp/issues/110","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/110/packages"},{"uuid":"4214624189","node_id":"PR_kwDORIP3Rs7QWDcc","number":67,"state":"open","title":"deps(nuget): Bump Microsoft.Identity.Web from 4.5.0 to 4.7.0","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-06T23:46:38.000Z","updated_at":"2026-04-07T11:02:32.769Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(nuget): Bump","packages":[{"name":"Microsoft.Identity.Web","old_version":"4.5.0","new_version":"4.7.0","repository_url":"https://github.com/AzureAD/microsoft-identity-web"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web) from 4.5.0 to 4.7.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.Identity.Web's releases](https://github.com/AzureAD/microsoft-identity-web/releases)._\n\n## 4.7.0\n\n## 4.7.0\n\n### Bug fixes\n- Updates to Microsoft.Identity.Abstractions 12.0.0 to revert breaking changes introduced in 
Abstractions 11.0.0. (On .NET 10 target, `Certificate` extension method in `CredentialDescription` was reverted to normal property.) See [#​3767](https://github.com/AzureAD/microsoft-identity-web/pull/3767).\n\n## 4.6.0\n\n## What's Changed\n\n* Move boilerplate code skills to IdWeb, and add Aspire DevApp demonstrating Blazor authentication components by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3721\n* Bump MSAL to 4.83.1 and re-enable Managed Identity CAE tests by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3746\n* Bump Abstractions to 11.2 by @​bgavrilMS in https://github.com/AzureAD/microsoft-identity-web/pull/3749\n* Update documentation to reference Blazor helpers from Microsoft.Identity.Web package by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3723\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.5.0...4.6.0\n\nCommits viewable in [compare view](https://github.com/AzureAD/microsoft-identity-web/compare/4.5.0...4.7.0).\n\u003c/details\u003e\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Microsoft.Identity.Web\u0026package-manager=nuget\u0026previous-version=4.5.0\u0026new-version=4.7.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/PlagueHO/prompt-babbler/pull/67","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/PlagueHO%2Fprompt-babbler/issues/67","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/67/packages"},{"uuid":"4198679895","node_id":"PR_kwDOGO-JJ87PvI9T","number":5055,"state":"closed","title":"nuget-external-id-backend: Bump Microsoft.Identity.Web from 4.6.0 to 4.7.0","user":"dependabot[bot]","labels":["dependencies","nuget","target: Entra ID External 
ID"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-03T06:27:31.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-03T06:27:25.000Z","updated_at":"2026-04-03T06:27:33.000Z","time_to_close":6,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"nuget-external-id-backend: Bump","packages":[{"name":"Microsoft.Identity.Web","old_version":"4.6.0","new_version":"4.7.0","repository_url":"https://github.com/AzureAD/microsoft-identity-web"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web) from 4.6.0 to 4.7.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.Identity.Web's releases](https://github.com/AzureAD/microsoft-identity-web/releases)._\n\n## 4.7.0\n\n## 4.7.0\n\n### Bug fixes\n- Updates to Microsoft.Identity.Abstractions 12.0.0 to revert breaking changes introduced in Abstractions 11.0.0. (On .NET 10 target, `Certificate` extension method in `CredentialDescription` was reverted to normal property.) See [#​3767](https://github.com/AzureAD/microsoft-identity-web/pull/3767).\n\nCommits viewable in [compare view](https://github.com/AzureAD/microsoft-identity-web/compare/4.6.0...4.7.0).\n\u003c/details\u003e\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Microsoft.Identity.Web\u0026package-manager=nuget\u0026previous-version=4.6.0\u0026new-version=4.7.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.","html_url":"https://github.com/AlesInfiny/maris/pull/5055","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/AlesInfiny%2Fmaris/issues/5055","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/5055/packages"},{"uuid":"4036869391","node_id":"PR_kwDOC4rwTc7Io03L","number":1545,"state":"open","title":"Bump Microsoft.Identity.Web and 
Microsoft.Identity.Web.UI","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":["berviantoleo"],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-07T01:08:37.000Z","updated_at":"2026-03-07T01:08:58.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.Identity.Web","repository_url":"https://github.com/AzureAD/microsoft-identity-web"},{"name":"Microsoft.Identity.Web.UI","repository_url":"https://github.com/AzureAD/microsoft-identity-web"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web) from 4.4.0 to 4.5.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.Identity.Web's releases](https://github.com/AzureAD/microsoft-identity-web/releases)._\n\nNo release notes found for this version range.\n\nCommits viewable in [compare view](https://github.com/AzureAD/microsoft-identity-web/commits).\n\u003c/details\u003e\n\nUpdated [Microsoft.Identity.Web.UI](https://github.com/AzureAD/microsoft-identity-web) from 4.4.0 to 4.5.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.Identity.Web.UI's releases](https://github.com/AzureAD/microsoft-identity-web/releases)._\n\nNo release notes found for this version range.\n\nCommits viewable in [compare view](https://github.com/AzureAD/microsoft-identity-web/commits).\n\u003c/details\u003e\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/bervProject/SimplePasswordManagerService/pull/1545","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/bervProject%2FSimplePasswordManagerService/issues/1545","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1545/packages"},{"uuid":"4016563535","node_id":"PR_kwDOGSmsxM7Hmi8o","number":3186,"state":"closed","title":"Bump Microsoft.Identity.Web and 
Microsoft.IdentityModel.Protocols.OpenIdConnect","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-03-05T20:53:20.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-03T13:02:43.000Z","updated_at":"2026-03-05T20:53:22.000Z","time_to_close":201037,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.Identity.Web","repository_url":"https://github.com/AzureAD/microsoft-identity-web"},{"name":"Microsoft.IdentityModel.Protocols.OpenIdConnect","repository_url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web) from 4.0.1 to 4.4.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.Identity.Web's releases](https://github.com/AzureAD/microsoft-identity-web/releases)._\n\n## 4.4.0\n\n### New features\n- Add AOT-compatible web API authentication for .NET 10+. See [#​3705](https://github.com/AzureAD/microsoft-identity-web/pull/3705) and [#​3664](https://github.com/AzureAD/microsoft-identity-web/pull/3664).\n- Propagate long-running web API session key back to callers in user token acquisition. See [#​3728](https://github.com/AzureAD/microsoft-identity-web/pull/3728).\n- Add OBO event initialization for OBO APIs. See [#​3724](https://github.com/AzureAD/microsoft-identity-web/pull/3724).\n- Add support for calling `WithClientClaims` flow for token acquisition. See [#​3623](https://github.com/AzureAD/microsoft-identity-web/pull/3623).\n- Add `OnBeforeTokenAcquisitionForOnBehalfOf` event. See [#​3680](https://github.com/AzureAD/microsoft-identity-web/pull/3680).\n\n### Bug fixes\n- Throw `InvalidOperationException` with actionable message when a custom credential is not registered. 
See [#​3626](https://github.com/AzureAD/microsoft-identity-web/pull/3626).\n- Fix event firing for `InvokeOnBeforeTokenAcquisitionForOnBehalfOfAsync`. See [#​3717](https://github.com/AzureAD/microsoft-identity-web/pull/3717).\n- Update `OnBeforeTokenAcquisitionForOnBehalfOf` to construct `ClaimsPrincipal` from token. See [#​3714](https://github.com/AzureAD/microsoft-identity-web/pull/3714).\n- Add a retry counter for acquire token and updated tests with a fake secret. See [#​3682](https://github.com/AzureAD/microsoft-identity-web/pull/3682).\n- Fix OBO user error handling. See [#​3712](https://github.com/AzureAD/microsoft-identity-web/pull/3712).\n- Fix override merging for app token (and others). See [#​3644](https://github.com/AzureAD/microsoft-identity-web/pull/3644).\n- Fix certificate reload logic to only trigger on certificate-specific errors. See [#​3653](https://github.com/AzureAD/microsoft-identity-web/pull/3653).\n- Update ROPC flow CCA to pass `SendX5C` to MSAL. See [#​3671](https://github.com/AzureAD/microsoft-identity-web/pull/3671).\n\n### Dependencies updates\n- Bump `qs` in `/tests/DevApps/SidecarAdapter/typescript`. See [#​3725](https://github.com/AzureAD/microsoft-identity-web/pull/3725).\n- Downgrade Microsoft.Extensions.Configuration.Binder to 2.1.0 on .NET Framework. See [#​3730](https://github.com/AzureAD/microsoft-identity-web/pull/3730).\n- Update .NET SDK to 10.0.103 to address DOTNET-Security-10.0 vulnerability. See [#​3726](https://github.com/AzureAD/microsoft-identity-web/pull/3726).\n- Upgrade to Microsoft.Identity.Abstractions 11 for AoT compatibility. See [#​3699](https://github.com/AzureAD/microsoft-identity-web/pull/3699).\n- Update to MSAL 4.81.0. See [#​3665](https://github.com/AzureAD/microsoft-identity-web/pull/3665).\n\n### Documentation\n- Add documentation for auto-generated session key for long-running OBO session. 
See [#​3729](https://github.com/AzureAD/microsoft-identity-web/pull/3729).\n- Improve the Aspire doc article and skills. See [#​3695](https://github.com/AzureAD/microsoft-identity-web/pull/3695).\n- Add an article and agent skill to add Entra ID to an Aspire app. See [#​3689](https://github.com/AzureAD/microsoft-identity-web/pull/3689).\n- Fix misleading comment in `CertificatelessOptions.ManagedIdentityClientId`. See [#​3667](https://github.com/AzureAD/microsoft-identity-web/pull/3667).\n- Add Copilot explore tool functionality. See [#​3694](https://github.com/AzureAD/microsoft-identity-web/pull/3694).\n\n### Fundamentals\n- Remove unnecessary warning suppression. See [#​3715](https://github.com/AzureAD/microsoft-identity-web/pull/3715).\n- Migrate labs to Lab.API 2.x (first pass). See [#​3710](https://github.com/AzureAD/microsoft-identity-web/pull/3710).\n- Update Sidecar E2E test constants. See [#​3693](https://github.com/AzureAD/microsoft-identity-web/pull/3693).\n- Fix intermittent failures in `CertificatesObserverTests`. See [#​3687](https://github.com/AzureAD/microsoft-identity-web/pull/3687).\n- Add validation baseline exclusions. See [#​3684](https://github.com/AzureAD/microsoft-identity-web/pull/3684).\n- Add dSTS integration tests. See [#​3677](https://github.com/AzureAD/microsoft-identity-web/pull/3677).\n- Fix FIC test. See [#​3663](https://github.com/AzureAD/microsoft-identity-web/pull/3663).\n- Update IdentityWeb version, build logic, and validation. 
See [#​3659](https://github.com/AzureAD/microsoft-identity-web/pull/3659).\n\n### New Contributors\n* @​XiaoxinMS2 made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3677\n* @​RyAuld made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3687\n* @​agocke made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3664\n* @​MZOLN made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3700\n* @​christian-posta made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3644\n* @​4gust made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3682\n* @​rayluo made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3714\n\n## 4.3.0\n\n### New features\n- Added token binding (mTLS PoP) scenario for confidential client (app-only) token acquisition and downstream API calls. See [#​3622](https://github.com/AzureAD/microsoft-identity-web/pull/3622).\n\n### Dependencies updates\n- Bumped **qs** from 6.14.0 to 6.14.1 in /tests/DevApps/SidecarAdapter/typescript. See [#​3660](https://github.com/AzureAD/microsoft-identity-web/pull/3660).\n\n### Documentation\n- Modernized Identity Web documentation, which can now be found in [docs](https://github.com/AzureAD/microsoft-identity-web/tree/master/docs). See [#​3566](https://github.com/AzureAD/microsoft-identity-web/pull/3566).\n- Added token binding (mTLS PoP) documentation. See [#​3661](https://github.com/AzureAD/microsoft-identity-web/pull/3661).\n\n## 4.2.0\n\n# What's Changed\n\n## New features\n\n- Added CAE claims support for FIC + Managed Identity. See #​3647 for details.\n- Added AddMicrosoftIdentityMessageHandler extension methods for IHttpClientBuilder. See #​3649 for details.\n\n## Bug fixes\n\n\n- Fixed tenant not being propagated in credential FIC acquisition. 
See #​3633 for details.\n- Fixed ForAgentIdentity hardcoded 'AzureAd' ConfigurationSection to respect AuthenticationOptionsName. See #​3635 for details.\n- Fixed GetTokenAcquirer to propagate MicrosoftEntraApplicationOptions properties. See #​3651 for details.\n- Added meaningful error message when identity configuration is missing. See #​3637 for details.\n\n## Dependencies updates\n\n- Update Microsoft.Identity.Abstractions to version 10.0.0.\n- Bump express from 5.1.0 to 5.2.0 in /tests/DevApps/SidecarAdapter/typescript. #​3636\n- Bump jws from 3.2.2 to 3.2.3 in /tests/DevApps/SidecarAdapter/typescript. #​3641\n\n## Fundamentals\n\n- Update support policy. #​3656\n- Update agent identity coordinates in E2E tests after deauth. #​3640\n- Update E2E agent identity configuration to new tenant. #​3646\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.1.1...4.2.0\n\n## 4.1.1\n\n### Bug fixes\n- Authority-only configuration parsing improvements: Early parsing of Authority into Instance/TenantId and defensive fallback in PrepareAuthorityInstanceForMsal. Behavior is backward compatible; Authority is still ignored when Instance/TenantId explicitly provided—now surfaced via a warning. See [#​3612](https://github.com/AzureAD/microsoft-identity-web/issues/3612).\n\n### New features\n- Added warning diagnostics for conflicting Authority vs Instance/TenantId: Emitting a single structured warning when both styles are provided. See [#​3611](https://github.com/AzureAD/microsoft-identity-web/issues/3611).\n\n### Fundamentals\n- Expanded authority test matrix: Coverage for AAD (v1/v2), B2C (/tfp/ normalization, policy path), CIAM (PreserveAuthority), query parameters, scheme-less forms, and conflict scenarios. See [#​3610](https://github.com/AzureAD/microsoft-identity-web/issues/3610).\n\n## 4.1.0\n\n### New features\n- Migrate to .NET 10 GA. 
[#​3449](https://github.com/AzureAD/microsoft-identity-web/pull/3449) and [#​3590](https://github.com/AzureAD/microsoft-identity-web/pull/3590)\n\n### Dependencies updates\n- Bump MSAL.NET to version [4.79.2](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/releases/tag/4.79.2) and handle changes to deprecated WithExtraQueryParameters APIs. [#​3583](https://github.com/AzureAD/microsoft-identity-web/pull/3583)\n- Update Microsoft.IdentityModel and Abstractions versions. [#​3604](https://github.com/AzureAD/microsoft-identity-web/pull/3604)\n- Update coverlet.collector to 6.0.4. [#​3587](https://github.com/AzureAD/microsoft-identity-web/pull/3587)\n- Update package validation baseline version to 4.0.0. [#​3589](https://github.com/AzureAD/microsoft-identity-web/pull/3589)\n- Bump js-yaml from 4.1.0 to 4.1.1 in /tests/DevApps/SidecarAdapter/typescript. [#​3595](https://github.com/AzureAD/microsoft-identity-web/pull/3595)\n\n### Entra ID SDK sidecar\n- Restrict hosts to localhost for sidecar. [#​3579](https://github.com/AzureAD/microsoft-identity-web/pull/3579)\n- Update http file to match endpoints. [#​3555](https://github.com/AzureAD/microsoft-identity-web/pull/3555)\n- Revise sidecar issue template for Entra ID. [#​3577](https://github.com/AzureAD/microsoft-identity-web/pull/3577)\n\n### Documentation\n- Update README to include Entra SDK container info. [#​3578](https://github.com/AzureAD/microsoft-identity-web/pull/3578)\n\n### Fundamentals\n- Include NET 9.0 in template-install-dependencies. [#​3593](https://github.com/AzureAD/microsoft-identity-web/pull/3593)\n- Fix CodeQL alerts. [#​3591](https://github.com/AzureAD/microsoft-identity-web/pull/3591)\n- Suppression file is needed. 
[#​3592](https://github.com/AzureAD/microsoft-identity-web/pull/3592)\n\nCommits viewable in [compare view](https://github.com/AzureAD/microsoft-identity-web/compare/4.0.1...4.4.0).\n\u003c/details\u003e\n\nUpdated [Microsoft.IdentityModel.Protocols.OpenIdConnect](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 8.14.0 to 8.15.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.IdentityModel.Protocols.OpenIdConnect's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\n## 8.15.0\n\n## New Features\n- **Add ECDsa support in `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey`**  \n  Extended `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey` to support ECDSA keys.  \n  See PR [#​2377](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2377) for details.\n\n## Bug Fixes\n- **Sanitize logs to avoid leaking sensitive data**  \n  Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs.  \n  See PR [#​3316](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3316) for details.\n- **Optimize log sanitization with `SearchValues`**  \n  Improved the performance of the log sanitization logic introduced earlier by using `SearchValues`, making sanitization more efficient in high-throughput scenarios.  \n  See PR [#​3341](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3341) for details.\n- **Update test for `IDX10400`**  \n  Adjusted the `IDX10400` test to align with the current behavior and error messaging.  
\n  See PR [#​3314](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3314) for details.\n\n## Fundamentals\n- **Add supported algorithm tests**  \n  Added new tests to validate the set of supported cryptographic algorithms, increasing confidence in algorithm coverage and compatibility.  \n  See PR [#​3296](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3296) for details.\n- **Migrate repository agent rules from `.clinerules` to `agents.md`**  \n  Moved repository agent/AI-assist rules into markdown documentation to make them more visible and easier to maintain.  \n  See PR [#​3313](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3313) for details.\n- **Migrate `Microsoft.IdentityModel.TestExtensions` from Newtonsoft.Json to System.Text.Json**  \n  Updated `Microsoft.IdentityModel.TestExtensions` to use `System.Text.Json` instead of `Newtonsoft.Json`, aligning tests with the runtime serialization stack.  \n  See PR [#​3356](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3356) for details.\n- **Disable code coverage comments**  \n  Turned off automated code coverage comments on PRs to reduce noise while retaining coverage data elsewhere.  \n  See PR [#​3349](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3349) for details.\n- **Fix CodeQL alerts**  \n  Addressed CodeQL-reported issues to improve security posture and static analysis cleanliness.  \n  See PR [#​3364](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3364) for details.\n\n### .NET 10 / SDK and tooling updates\n- **Building with .NET 10 preview / RC 1**  \n  Updated the repository to build and test against .NET 10.0 preview/RC1, ensuring early compatibility with the upcoming runtime.  
\n  See PRs [#​3287](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3287), [#​3357](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3357), and [#​3358](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3358) for details.\n- **Fix .NET 10 test execution consistency**  \n  Ensured consistent use of the `TargetNetNext` parameter across build, test, and pack phases so .NET 10.0 tests execute reliably.  \n  See PR [#​3337](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3337) for details.\n- **Update project files and workflows for .NET 10.0 compatibility**  \n  Adjusted project files and CI workflows to correctly target and run on .NET 10.0, including test and pack scenarios.  \n  See PR [#​3363](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3363) for details.\n- **Update .NET version to meet CG compliance**  \n  Updated the .NET version references to be compliant with corporate governance (CG) requirements.  \n  See PR [#​3353](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3353) for details.\n- **Update Coverlet collector and test SDK**  \n  - Bumped `CoverletCollectorVersion` to 6.0.4.  \n    See PR [#​3333](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3333) for details.  \n  - Upgraded `Microsoft.NET.Test.Sdk` to a newer version for improved test reliability and tooling support.  \n ... (truncated)\n\nCommits viewable in [compare view](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.14.0...8.15.0).\n\u003c/details\u003e\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/DFE-Digital/teaching-record-system/pull/3186","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/DFE-Digital%2Fteaching-record-system/issues/3186","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3186/packages"},{"uuid":"4013732453","node_id":"PR_kwDOFWBTks7HdYzl","number":8419,"state":"closed","title":"Bump Microsoft.Identity.Web from 4.3.0 to 
4.4.0","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-03-05T21:14:13.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-02T22:53:08.000Z","updated_at":"2026-03-05T21:14:15.000Z","time_to_close":253265,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.Identity.Web","old_version":"4.3.0","new_version":"4.4.0","repository_url":"https://github.com/AzureAD/microsoft-identity-web"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web) from 4.3.0 to 4.4.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.Identity.Web's releases](https://github.com/AzureAD/microsoft-identity-web/releases)._\n\n## 4.4.0\n\n### New features\n- Add AOT-compatible web API authentication for .NET 10+. See [#​3705](https://github.com/AzureAD/microsoft-identity-web/pull/3705) and [#​3664](https://github.com/AzureAD/microsoft-identity-web/pull/3664).\n- Propagate long-running web API session key back to callers in user token acquisition. See [#​3728](https://github.com/AzureAD/microsoft-identity-web/pull/3728).\n- Add OBO event initialization for OBO APIs. See [#​3724](https://github.com/AzureAD/microsoft-identity-web/pull/3724).\n- Add support for calling `WithClientClaims` flow for token acquisition. See [#​3623](https://github.com/AzureAD/microsoft-identity-web/pull/3623).\n- Add `OnBeforeTokenAcquisitionForOnBehalfOf` event. See [#​3680](https://github.com/AzureAD/microsoft-identity-web/pull/3680).\n\n### Bug fixes\n- Throw `InvalidOperationException` with actionable message when a custom credential is not registered. See [#​3626](https://github.com/AzureAD/microsoft-identity-web/pull/3626).\n- Fix event firing for `InvokeOnBeforeTokenAcquisitionForOnBehalfOfAsync`. 
See [#​3717](https://github.com/AzureAD/microsoft-identity-web/pull/3717).\n- Update `OnBeforeTokenAcquisitionForOnBehalfOf` to construct `ClaimsPrincipal` from token. See [#​3714](https://github.com/AzureAD/microsoft-identity-web/pull/3714).\n- Add a retry counter for acquire token and updated tests with a fake secret. See [#​3682](https://github.com/AzureAD/microsoft-identity-web/pull/3682).\n- Fix OBO user error handling. See [#​3712](https://github.com/AzureAD/microsoft-identity-web/pull/3712).\n- Fix override merging for app token (and others). See [#​3644](https://github.com/AzureAD/microsoft-identity-web/pull/3644).\n- Fix certificate reload logic to only trigger on certificate-specific errors. See [#​3653](https://github.com/AzureAD/microsoft-identity-web/pull/3653).\n- Update ROPC flow CCA to pass `SendX5C` to MSAL. See [#​3671](https://github.com/AzureAD/microsoft-identity-web/pull/3671).\n\n### Dependencies updates\n- Bump `qs` in `/tests/DevApps/SidecarAdapter/typescript`. See [#​3725](https://github.com/AzureAD/microsoft-identity-web/pull/3725).\n- Downgrade Microsoft.Extensions.Configuration.Binder to 2.1.0 on .NET Framework. See [#​3730](https://github.com/AzureAD/microsoft-identity-web/pull/3730).\n- Update .NET SDK to 10.0.103 to address DOTNET-Security-10.0 vulnerability. See [#​3726](https://github.com/AzureAD/microsoft-identity-web/pull/3726).\n- Upgrade to Microsoft.Identity.Abstractions 11 for AoT compatibility. See [#​3699](https://github.com/AzureAD/microsoft-identity-web/pull/3699).\n- Update to MSAL 4.81.0. See [#​3665](https://github.com/AzureAD/microsoft-identity-web/pull/3665).\n\n### Documentation\n- Add documentation for auto-generated session key for long-running OBO session. See [#​3729](https://github.com/AzureAD/microsoft-identity-web/pull/3729).\n- Improve the Aspire doc article and skills. 
See [#​3695](https://github.com/AzureAD/microsoft-identity-web/pull/3695).\n- Add an article and agent skill to add Entra ID to an Aspire app. See [#​3689](https://github.com/AzureAD/microsoft-identity-web/pull/3689).\n- Fix misleading comment in `CertificatelessOptions.ManagedIdentityClientId`. See [#​3667](https://github.com/AzureAD/microsoft-identity-web/pull/3667).\n- Add Copilot explore tool functionality. See [#​3694](https://github.com/AzureAD/microsoft-identity-web/pull/3694).\n\n### Fundamentals\n- Remove unnecessary warning suppression. See [#​3715](https://github.com/AzureAD/microsoft-identity-web/pull/3715).\n- Migrate labs to Lab.API 2.x (first pass). See [#​3710](https://github.com/AzureAD/microsoft-identity-web/pull/3710).\n- Update Sidecar E2E test constants. See [#​3693](https://github.com/AzureAD/microsoft-identity-web/pull/3693).\n- Fix intermittent failures in `CertificatesObserverTests`. See [#​3687](https://github.com/AzureAD/microsoft-identity-web/pull/3687).\n- Add validation baseline exclusions. See [#​3684](https://github.com/AzureAD/microsoft-identity-web/pull/3684).\n- Add dSTS integration tests. See [#​3677](https://github.com/AzureAD/microsoft-identity-web/pull/3677).\n- Fix FIC test. See [#​3663](https://github.com/AzureAD/microsoft-identity-web/pull/3663).\n- Update IdentityWeb version, build logic, and validation. 
See [#​3659](https://github.com/AzureAD/microsoft-identity-web/pull/3659).\n\n### New Contributors\n* @​XiaoxinMS2 made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3677\n* @​RyAuld made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3687\n* @​agocke made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3664\n* @​MZOLN made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3700\n* @​christian-posta made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3644\n* @​4gust made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3682\n* @​rayluo made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3714\n\nCommits viewable in [compare view](https://github.com/AzureAD/microsoft-identity-web/compare/4.3.0...4.4.0).\n\u003c/details\u003e\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Microsoft.Identity.Web\u0026package-manager=nuget\u0026previous-version=4.3.0\u0026new-version=4.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/microsoft/kiota-samples/pull/8419","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/microsoft%2Fkiota-samples/issues/8419","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/8419/packages"},{"uuid":"4009175261","node_id":"PR_kwDOO-Ae787HOZnh","number":173,"state":"open","title":"deps: Bump Microsoft.Identity.Web from 4.3.0 to 4.4.0","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-02T04:14:06.000Z","updated_at":"2026-03-02T04:14:07.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps: 
Bump","packages":[{"name":"Microsoft.Identity.Web","old_version":"4.3.0","new_version":"4.4.0","repository_url":"https://github.com/AzureAD/microsoft-identity-web"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web) from 4.3.0 to 4.4.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.Identity.Web's releases](https://github.com/AzureAD/microsoft-identity-web/releases)._\n\n## 4.4.0\n\n### New features\n- Add AOT-compatible web API authentication for .NET 10+. See [#​3705](https://github.com/AzureAD/microsoft-identity-web/pull/3705) and [#​3664](https://github.com/AzureAD/microsoft-identity-web/pull/3664).\n- Propagate long-running web API session key back to callers in user token acquisition. See [#​3728](https://github.com/AzureAD/microsoft-identity-web/pull/3728).\n- Add OBO event initialization for OBO APIs. See [#​3724](https://github.com/AzureAD/microsoft-identity-web/pull/3724).\n- Add support for calling `WithClientClaims` flow for token acquisition. See [#​3623](https://github.com/AzureAD/microsoft-identity-web/pull/3623).\n- Add `OnBeforeTokenAcquisitionForOnBehalfOf` event. See [#​3680](https://github.com/AzureAD/microsoft-identity-web/pull/3680).\n\n### Bug fixes\n- Throw `InvalidOperationException` with actionable message when a custom credential is not registered. See [#​3626](https://github.com/AzureAD/microsoft-identity-web/pull/3626).\n- Fix event firing for `InvokeOnBeforeTokenAcquisitionForOnBehalfOfAsync`. See [#​3717](https://github.com/AzureAD/microsoft-identity-web/pull/3717).\n- Update `OnBeforeTokenAcquisitionForOnBehalfOf` to construct `ClaimsPrincipal` from token. See [#​3714](https://github.com/AzureAD/microsoft-identity-web/pull/3714).\n- Add a retry counter for acquire token and updated tests with a fake secret. 
See [#​3682](https://github.com/AzureAD/microsoft-identity-web/pull/3682).\n- Fix OBO user error handling. See [#​3712](https://github.com/AzureAD/microsoft-identity-web/pull/3712).\n- Fix override merging for app token (and others). See [#​3644](https://github.com/AzureAD/microsoft-identity-web/pull/3644).\n- Fix certificate reload logic to only trigger on certificate-specific errors. See [#​3653](https://github.com/AzureAD/microsoft-identity-web/pull/3653).\n- Update ROPC flow CCA to pass `SendX5C` to MSAL. See [#​3671](https://github.com/AzureAD/microsoft-identity-web/pull/3671).\n\n### Dependencies updates\n- Bump `qs` in `/tests/DevApps/SidecarAdapter/typescript`. See [#​3725](https://github.com/AzureAD/microsoft-identity-web/pull/3725).\n- Downgrade Microsoft.Extensions.Configuration.Binder to 2.1.0 on .NET Framework. See [#​3730](https://github.com/AzureAD/microsoft-identity-web/pull/3730).\n- Update .NET SDK to 10.0.103 to address DOTNET-Security-10.0 vulnerability. See [#​3726](https://github.com/AzureAD/microsoft-identity-web/pull/3726).\n- Upgrade to Microsoft.Identity.Abstractions 11 for AoT compatibility. See [#​3699](https://github.com/AzureAD/microsoft-identity-web/pull/3699).\n- Update to MSAL 4.81.0. See [#​3665](https://github.com/AzureAD/microsoft-identity-web/pull/3665).\n\n### Documentation\n- Add documentation for auto-generated session key for long-running OBO session. See [#​3729](https://github.com/AzureAD/microsoft-identity-web/pull/3729).\n- Improve the Aspire doc article and skills. See [#​3695](https://github.com/AzureAD/microsoft-identity-web/pull/3695).\n- Add an article and agent skill to add Entra ID to an Aspire app. See [#​3689](https://github.com/AzureAD/microsoft-identity-web/pull/3689).\n- Fix misleading comment in `CertificatelessOptions.ManagedIdentityClientId`. See [#​3667](https://github.com/AzureAD/microsoft-identity-web/pull/3667).\n- Add Copilot explore tool functionality. 
See [#​3694](https://github.com/AzureAD/microsoft-identity-web/pull/3694).\n\n### Fundamentals\n- Remove unnecessary warning suppression. See [#​3715](https://github.com/AzureAD/microsoft-identity-web/pull/3715).\n- Migrate labs to Lab.API 2.x (first pass). See [#​3710](https://github.com/AzureAD/microsoft-identity-web/pull/3710).\n- Update Sidecar E2E test constants. See [#​3693](https://github.com/AzureAD/microsoft-identity-web/pull/3693).\n- Fix intermittent failures in `CertificatesObserverTests`. See [#​3687](https://github.com/AzureAD/microsoft-identity-web/pull/3687).\n- Add validation baseline exclusions. See [#​3684](https://github.com/AzureAD/microsoft-identity-web/pull/3684).\n- Add dSTS integration tests. See [#​3677](https://github.com/AzureAD/microsoft-identity-web/pull/3677).\n- Fix FIC test. See [#​3663](https://github.com/AzureAD/microsoft-identity-web/pull/3663).\n- Update IdentityWeb version, build logic, and validation. See [#​3659](https://github.com/AzureAD/microsoft-identity-web/pull/3659).\n\n### New Contributors\n* @​XiaoxinMS2 made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3677\n* @​RyAuld made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3687\n* @​agocke made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3664\n* @​MZOLN made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3700\n* @​christian-posta made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3644\n* @​4gust made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3682\n* @​rayluo made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3714\n\nCommits viewable in [compare view](https://github.com/AzureAD/microsoft-identity-web/compare/4.3.0...4.4.0).\n\u003c/details\u003e\n\n[![Dependabot compatibility 
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Microsoft.Identity.Web\u0026package-manager=nuget\u0026previous-version=4.3.0\u0026new-version=4.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/microsoft/dragon-copilot-extension-samples/pull/173","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/microsoft%2Fdragon-copilot-extension-samples/issues/173","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/173/packages"},{"uuid":"4009050501","node_id":"PR_kwDORLHFXM7HOAks","number":13,"state":"open","title":"chore(deps): Bump Microsoft.Identity.Web from 
4.3.0 to 4.4.0","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-02T03:21:30.000Z","updated_at":"2026-03-02T03:21:30.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Bump","packages":[{"name":"Microsoft.Identity.Web","old_version":"4.3.0","new_version":"4.4.0","repository_url":"https://github.com/AzureAD/microsoft-identity-web"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web) from 4.3.0 to 4.4.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.Identity.Web's releases](https://github.com/AzureAD/microsoft-identity-web/releases)._\n\n## 4.4.0\n\n### New features\n- Add AOT-compatible web API authentication for .NET 10+. See [#​3705](https://github.com/AzureAD/microsoft-identity-web/pull/3705) and [#​3664](https://github.com/AzureAD/microsoft-identity-web/pull/3664).\n- Propagate long-running web API session key back to callers in user token acquisition. See [#​3728](https://github.com/AzureAD/microsoft-identity-web/pull/3728).\n- Add OBO event initialization for OBO APIs. See [#​3724](https://github.com/AzureAD/microsoft-identity-web/pull/3724).\n- Add support for calling `WithClientClaims` flow for token acquisition. See [#​3623](https://github.com/AzureAD/microsoft-identity-web/pull/3623).\n- Add `OnBeforeTokenAcquisitionForOnBehalfOf` event. See [#​3680](https://github.com/AzureAD/microsoft-identity-web/pull/3680).\n\n### Bug fixes\n- Throw `InvalidOperationException` with actionable message when a custom credential is not registered. See [#​3626](https://github.com/AzureAD/microsoft-identity-web/pull/3626).\n- Fix event firing for `InvokeOnBeforeTokenAcquisitionForOnBehalfOfAsync`. 
See [#​3717](https://github.com/AzureAD/microsoft-identity-web/pull/3717).\n- Update `OnBeforeTokenAcquisitionForOnBehalfOf` to construct `ClaimsPrincipal` from token. See [#​3714](https://github.com/AzureAD/microsoft-identity-web/pull/3714).\n- Add a retry counter for acquire token and updated tests with a fake secret. See [#​3682](https://github.com/AzureAD/microsoft-identity-web/pull/3682).\n- Fix OBO user error handling. See [#​3712](https://github.com/AzureAD/microsoft-identity-web/pull/3712).\n- Fix override merging for app token (and others). See [#​3644](https://github.com/AzureAD/microsoft-identity-web/pull/3644).\n- Fix certificate reload logic to only trigger on certificate-specific errors. See [#​3653](https://github.com/AzureAD/microsoft-identity-web/pull/3653).\n- Update ROPC flow CCA to pass `SendX5C` to MSAL. See [#​3671](https://github.com/AzureAD/microsoft-identity-web/pull/3671).\n\n### Dependencies updates\n- Bump `qs` in `/tests/DevApps/SidecarAdapter/typescript`. See [#​3725](https://github.com/AzureAD/microsoft-identity-web/pull/3725).\n- Downgrade Microsoft.Extensions.Configuration.Binder to 2.1.0 on .NET Framework. See [#​3730](https://github.com/AzureAD/microsoft-identity-web/pull/3730).\n- Update .NET SDK to 10.0.103 to address DOTNET-Security-10.0 vulnerability. See [#​3726](https://github.com/AzureAD/microsoft-identity-web/pull/3726).\n- Upgrade to Microsoft.Identity.Abstractions 11 for AoT compatibility. See [#​3699](https://github.com/AzureAD/microsoft-identity-web/pull/3699).\n- Update to MSAL 4.81.0. See [#​3665](https://github.com/AzureAD/microsoft-identity-web/pull/3665).\n\n### Documentation\n- Add documentation for auto-generated session key for long-running OBO session. See [#​3729](https://github.com/AzureAD/microsoft-identity-web/pull/3729).\n- Improve the Aspire doc article and skills. 
See [#​3695](https://github.com/AzureAD/microsoft-identity-web/pull/3695).\n- Add an article and agent skill to add Entra ID to an Aspire app. See [#​3689](https://github.com/AzureAD/microsoft-identity-web/pull/3689).\n- Fix misleading comment in `CertificatelessOptions.ManagedIdentityClientId`. See [#​3667](https://github.com/AzureAD/microsoft-identity-web/pull/3667).\n- Add Copilot explore tool functionality. See [#​3694](https://github.com/AzureAD/microsoft-identity-web/pull/3694).\n\n### Fundamentals\n- Remove unnecessary warning suppression. See [#​3715](https://github.com/AzureAD/microsoft-identity-web/pull/3715).\n- Migrate labs to Lab.API 2.x (first pass). See [#​3710](https://github.com/AzureAD/microsoft-identity-web/pull/3710).\n- Update Sidecar E2E test constants. See [#​3693](https://github.com/AzureAD/microsoft-identity-web/pull/3693).\n- Fix intermittent failures in `CertificatesObserverTests`. See [#​3687](https://github.com/AzureAD/microsoft-identity-web/pull/3687).\n- Add validation baseline exclusions. See [#​3684](https://github.com/AzureAD/microsoft-identity-web/pull/3684).\n- Add dSTS integration tests. See [#​3677](https://github.com/AzureAD/microsoft-identity-web/pull/3677).\n- Fix FIC test. See [#​3663](https://github.com/AzureAD/microsoft-identity-web/pull/3663).\n- Update IdentityWeb version, build logic, and validation. 
See [#​3659](https://github.com/AzureAD/microsoft-identity-web/pull/3659).\n\n### New Contributors\n* @​XiaoxinMS2 made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3677\n* @​RyAuld made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3687\n* @​agocke made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3664\n* @​MZOLN made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3700\n* @​christian-posta made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3644\n* @​4gust made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3682\n* @​rayluo made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3714\n\nCommits viewable in [compare view](https://github.com/AzureAD/microsoft-identity-web/compare/4.3.0...4.4.0).\n\u003c/details\u003e\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Microsoft.Identity.Web\u0026package-manager=nuget\u0026previous-version=4.3.0\u0026new-version=4.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/Karinateii/PayGuard-AI/pull/13","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Karinateii%2FPayGuard-AI/issues/13","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/13/packages"},{"uuid":"4003508283","node_id":"PR_kwDOC4rwTc7G89wn","number":1537,"state":"closed","title":"Bump Microsoft.Identity.Web from 4.3.0 to 
4.4.0","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":["berviantoleo"],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-02-28T01:05:28.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-28T01:05:06.000Z","updated_at":"2026-02-28T01:05:32.000Z","time_to_close":22,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.Identity.Web","old_version":"4.3.0","new_version":"4.4.0","repository_url":"https://github.com/AzureAD/microsoft-identity-web"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web) from 4.3.0 to 4.4.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.Identity.Web's releases](https://github.com/AzureAD/microsoft-identity-web/releases)._\n\nNo release notes found for this version range.\n\nCommits viewable in [compare view](https://github.com/AzureAD/microsoft-identity-web/commits).\n\u003c/details\u003e\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Microsoft.Identity.Web\u0026package-manager=nuget\u0026previous-version=4.3.0\u0026new-version=4.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/bervProject/SimplePasswordManagerService/pull/1537","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/bervProject%2FSimplePasswordManagerService/issues/1537","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1537/packages"},{"uuid":"3807914168","node_id":"PR_kwDOGSmsxM684cdg","number":2976,"state":"open","title":"Bump Microsoft.Identity.Web and 2 
others","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-01-13T09:14:06.000Z","updated_at":"2026-01-17T11:35:46.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.Identity.Web","repository_url":"https://github.com/AzureAD/microsoft-identity-web"},{"name":"2 others"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web) from 4.0.1 to 4.3.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.Identity.Web's releases](https://github.com/AzureAD/microsoft-identity-web/releases)._\n\n## 4.3.0\n\n### New features\n- Added token binding (mTLS PoP) scenario for confidential client (app-only) token acquisition and downstream API calls. See [#​3622](https://github.com/AzureAD/microsoft-identity-web/pull/3622).\n\n### Dependencies updates\n- Bumped **qs** from 6.14.0 to 6.14.1 in /tests/DevApps/SidecarAdapter/typescript. See [#​3660]( https://github.com/AzureAD/microsoft-identity-web/pull/3660).\n\n### Documentation\n- Modernized Identity Web documentation, which is now can be found in [docs](https://github.com/AzureAD/microsoft-identity-web/tree/master/docs). See [#​3566](https://github.com/AzureAD/microsoft-identity-web/pull/3566).\n- Added token binding (mTLS PoP) documentation. See [#​3661](https://github.com/AzureAD/microsoft-identity-web/pull/3661).\n\n## 4.2.0\n\n# What's Changed\n\n## New features\n\n- Added CAE claims support for FIC + Managed Identity. See #​3647 for details.\n- Added AddMicrosoftIdentityMessageHandler extension methods for IHttpClientBuilder. See #​3649 for details.\n\n## Bug fixes\n\n\n- Fixed tenant not being propagated in credential FIC acquisition. 
See #​3633 for details.\n- Fixed ForAgentIdentity hardcoded 'AzureAd' ConfigurationSection to respect AuthenticationOptionsName. See #​3635 for details.\n- Fixed GetTokenAcquirer to propagate MicrosoftEntraApplicationOptions properties. See #​3651 for details.\n- Added meaningful error message when identity configuration is missing. See #​3637 for details.\n\n## Dependencies updates\n\n- Update Microsoft.Identity.Abstractions to version 10.0.0.\n- Bump express from 5.1.0 to 5.2.0 in /tests/DevApps/SidecarAdapter/typescript. #​3636\n- Bump jws from 3.2.2 to 3.2.3 in /tests/DevApps/SidecarAdapter/typescript. #​3641\n\n## Fundamentals\n\n- Update support policy. #​3656\n- Update agent identity coordinates in E2E tests after deauth. #​3640\n- Update E2E agent identity configuration to new tenant. #​3646\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.1.1...4.2.0\n\n## 4.1.1\n\n### Bug fixes\n- Authority-only configuration parsing improvements: Early parsing of Authority into Instance/TenantId and defensive fallback in PrepareAuthorityInstanceForMsal. Behavior is backward compatible; Authority is still ignored when Instance/TenantId explicitly provided—now surfaced via a warning. See [#​3612](https://github.com/AzureAD/microsoft-identity-web/issues/3612).\n\n### New features\n- Added warning diagnostics for conflicting Authority vs Instance/TenantId: Emitting a single structured warning when both styles are provided. See [#​3611](https://github.com/AzureAD/microsoft-identity-web/issues/3611).\n\n### Fundamentals\n- Expanded authority test matrix: Coverage for AAD (v1/v2), B2C (/tfp/ normalization, policy path), CIAM (PreserveAuthority), query parameters, scheme-less forms, and conflict scenarios. See [#​3610](https://github.com/AzureAD/microsoft-identity-web/issues/3610).\n\n## 4.1.0\n\n### New features\n- Migrate to .NET 10 GA. 
[#​3449](https://github.com/AzureAD/microsoft-identity-web/pull/3449) and [#​3590](https://github.com/AzureAD/microsoft-identity-web/pull/3590)\n\n### Dependencies updates\n- Bump MSAL.NET to version [4.79.2](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/releases/tag/4.79.2) and handle changes to deprecated WithExtraQueryParameters APIs. [#​3583](https://github.com/AzureAD/microsoft-identity-web/pull/3583)\n- Update Microsoft.IdentityModel and Abstractions versions. [#​3604](https://github.com/AzureAD/microsoft-identity-web/pull/3604)\n- Update coverlet.collector to 6.0.4. [#​3587](https://github.com/AzureAD/microsoft-identity-web/pull/3587)\n- Update package validation baseline version to 4.0.0. [#​3589](https://github.com/AzureAD/microsoft-identity-web/pull/3589)\n- Bump js-yaml from 4.1.0 to 4.1.1 in /tests/DevApps/SidecarAdapter/typescript. [#​3595](https://github.com/AzureAD/microsoft-identity-web/pull/3595)\n\n### Entra ID SDK sidecar\n- Restrict hosts to localhost for sidecar. [#​3579](https://github.com/AzureAD/microsoft-identity-web/pull/3579)\n- Update http file to match endpoints. [#​3555](https://github.com/AzureAD/microsoft-identity-web/pull/3555)\n- Revise sidecar issue template for Entra ID. [#​3577](https://github.com/AzureAD/microsoft-identity-web/pull/3577)\n\n### Documentation\n- Update README to include Entra SDK container info. [#​3578](https://github.com/AzureAD/microsoft-identity-web/pull/3578)\n\n### Fundamentals\n- Include NET 9.0 in template-install-dependencies. [#​3593](https://github.com/AzureAD/microsoft-identity-web/pull/3593)\n- Fix CodeQL alerts. [#​3591](https://github.com/AzureAD/microsoft-identity-web/pull/3591)\n- Suppression file is needed. 
[#​3592](https://github.com/AzureAD/microsoft-identity-web/pull/3592)\n\nCommits viewable in [compare view](https://github.com/AzureAD/microsoft-identity-web/compare/4.0.1...4.3.0).\n\u003c/details\u003e\n\nPinned [Microsoft.IdentityModel.Protocols.OpenIdConnect](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) at 8.15.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.IdentityModel.Protocols.OpenIdConnect's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\n## 8.15.0\n\n## New Features\n- **Add ECDsa support in `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey`**  \n  Extended `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey` to support ECDSA keys.  \n  See PR [#​2377](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2377) for details.\n\n## Bug Fixes\n- **Sanitize logs to avoid leaking sensitive data**  \n  Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs.  \n  See PR [#​3316](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3316) for details.\n- **Optimize log sanitization with `SearchValues`**  \n  Improved the performance of the log sanitization logic introduced earlier by using `SearchValues`, making sanitization more efficient in high-throughput scenarios.  \n  See PR [#​3341](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3341) for details.\n- **Update test for `IDX10400`**  \n  Adjusted the `IDX10400` test to align with the current behavior and error messaging.  
\n  See PR [#​3314](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3314) for details.\n\n## Fundamentals\n- **Add supported algorithm tests**  \n  Added new tests to validate the set of supported cryptographic algorithms, increasing confidence in algorithm coverage and compatibility.  \n  See PR [#​3296](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3296) for details.\n- **Migrate repository agent rules from `.clinerules` to `agents.md`**  \n  Moved repository agent/AI-assist rules into markdown documentation to make them more visible and easier to maintain.  \n  See PR [#​3313](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3313) for details.\n- **Migrate `Microsoft.IdentityModel.TestExtensions` from Newtonsoft.Json to System.Text.Json**  \n  Updated `Microsoft.IdentityModel.TestExtensions` to use `System.Text.Json` instead of `Newtonsoft.Json`, aligning tests with the runtime serialization stack.  \n  See PR [#​3356](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3356) for details.\n- **Disable code coverage comments**  \n  Turned off automated code coverage comments on PRs to reduce noise while retaining coverage data elsewhere.  \n  See PR [#​3349](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3349) for details.\n- **Fix CodeQL alerts**  \n  Addressed CodeQL-reported issues to improve security posture and static analysis cleanliness.  \n  See PR [#​3364](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3364) for details.\n\n### .NET 10 / SDK and tooling updates\n- **Building with .NET 10 preview / RC 1**  \n  Updated the repository to build and test against .NET 10.0 preview/RC1, ensuring early compatibility with the upcoming runtime.  
\n  See PRs [#​3287](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3287), [#​3357](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3357), and [#​3358](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3358) for details.\n- **Fix .NET 10 test execution consistency**  \n  Ensured consistent use of the `TargetNetNext` parameter across build, test, and pack phases so .NET 10.0 tests execute reliably.  \n  See PR [#​3337](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3337) for details.\n- **Update project files and workflows for .NET 10.0 compatibility**  \n  Adjusted project files and CI workflows to correctly target and run on .NET 10.0, including test and pack scenarios.  \n  See PR [#​3363](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3363) for details.\n- **Update .NET version to meet CG compliance**  \n  Updated the .NET version references to be compliant with corporate governance (CG) requirements.  \n  See PR [#​3353](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3353) for details.\n- **Update Coverlet collector and test SDK**  \n  - Bumped `CoverletCollectorVersion` to 6.0.4.  \n    See PR [#​3333](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3333) for details.  \n  - Upgraded `Microsoft.NET.Test.Sdk` to a newer version for improved test reliability and tooling support.  \n ... (truncated)\n\n## 8.14.0\n\n8.14.0\n====\n## Bug Fixes\n- Switch back to use `ValidationResult` instead of `OperationResult` when validating a token in a new experimental validation flow. Additionally removed the dependency on Microsoft.IdentityModel.Abstractions. 
See [#​3299](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3299) for details.\n\n## 8.13.1\n\n8.13.1\n====\n## Dependencies\nMicrosoft.IdentityModel now depends on Microsoft.Identity.Abstractions 9.3.0\n\n## Bug Fixes\n- Fixed a decompression failure happening for large JWE payloads. See [#​3286](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3286) for details.\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Update the validation methods to return Microsoft.Identity.Abstractions.OperationResult. See [#​3284](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3284) for details.\n\n8.13.0\n\n## 8.13.0\n\n8.13.0\n====\n### Fundamentals\n- `CaseSensitiveClaimsIdentity.SecurityToken` setter is now protected internal (was internal). See PR [#​3278](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278) for details.\n- Update .NET SDK version to 9.0.108 used when building or running the code. See PR [#​3274](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274) for details.\n- Update RsaSecurityKey.cs to replace the Pkcs1 padding by Pss from HasPrivateKey check. 
See [#​3280](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280) for details.\n\n## What's Changed\n* Make CaseSensitiveClaimsIdentity.SecurityToken setter protected by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278\n* Update .NET SDK version in global.json from 9.0.107 to 9.0.108 by @​Copilot in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274\n* Update RsaSecurityKey.cs to remove Pkcs 1 by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280\n* changelog for 8.13 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3282\n\n## New Contributors\n* @​Copilot made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.1...8.13.0\n\n## 8.12.1\n\n8.12.1\n====\n### Fundamentals\n- Update .NET SDK version to 9.0.107 used when building or running the code. See [#​3263](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263) for details.\n- To keep our experimental code separate from production code, all files associated with experimental features have been moved to the Experimental folders. See PR [#​3261](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261) for details.\n- Experimental code leaked into TokenValidationResult from early prototypes. 
See PR [#​3259](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259) for details.\n\n## What's Changed\n* Remove experimental code from TokenValidationResult by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259\n* Moved files to experimental folder by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261\n* Update global.json to latest by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.0...8.12.1\n\n## 8.12.0\n\n8.12.0\n====\n\n## New Features\n- **Enhance ConfigurationManager with event handling**  \n  Added event handling capabilities to the `ConfigurationManager`, enabling consumers to subscribe to configuration change events. This enhancement improves extensibility and allows more responsive applications. For details see [#​3253](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3253)  \n\n## Bug Fixes\n- **Add expected Base64UrlEncoder.Decode overload for NET6 and 8**  \n  Introduced the expected overload of `Base64UrlEncoder.Decode` for .NET 6 and 8, ensuring compatibility and preventing missing method issues on these frameworks.  \n  For details see [#​3249](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3249)  \n\n## Fundamentals\n- **Add AI assist rules**  \n  Incorporated AI assist rules to enhance AI agents effectiveness.  \n  For details see [#​3255](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255)  \n- **Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0**  \n  Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added). 
 \n  For details see [#​3256](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256)  \n- **Move suppression of RS006 to csproj**  \n  Centralized suppression of RS006 warnings in project files for easier management.  \n  For details see [#​3230](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230)\n\n## What's Changed\n* Move suppression of RS006 to csproj. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230\n* Add expected Base64UrlEncoder.Decode overload for NET6 and 8 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3250\n* add ai assist rules by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255\n* Enhance ConfigurationManager with event handling by @​GeoK in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3254\n* Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256\n* Update CHANGELOG.md for 8.12.0 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3258\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.11.0...8.12.0\n\n## 8.11.0\n\n8.11.0\n=====\n## New Features:\n- Microsoft.IdentityModel now exposes the AadIssuerValidator factory method publicly to enable caching functionality for AadIssuerValidator instances. 
See issue [#​3245](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3245) for details.\n- Added a new public async API: `JsonWebTokenHandler.DecryptTokenWithConfigurationAsync`, which decrypts a JWE token using keys from either `TokenValidationParameters` or, if not present, from configuration (such as via a ConfigurationManager). This enhancement improves developer experience by enabling asynchronous, cancellation-aware JWE decryption scenarios, aligning with modern .NET async patterns and making integration with external key/configuration sources more robust and observable. See PR [#​3243](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3243) for details.\n\n## What's Changed\n* few updates by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3242\n* Changelog for 8.10.0 by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3241\n* Exposes publicly override of AadIssuerValidator factory taking a delegate by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3244\n* update current version to 8.10.0 by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3246\n* Add DecryptTokenWithConfiguration API by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3243\n* changelog for 8.11 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3248\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.10.0...8.11.0\n\n## 8.10.0\n\n8.10.0\n=====\n## Bug Fixes\n- Corrected casing of the Type attribute in SubjectConfirmationData. 
See [#​3206](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3206).\n- Removed Microsoft.Bcl.Memory dependency for pre-.NET 9.0 targets. See [#​3220](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/33784b8ec0ff4300efad788535f90b3adc5bdfd1).\n- Aligned Microsoft.Extensions.Logging.Abstractions version to 8.0.0 for .NET 9 to match other targets. See [#​3226](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/793bd34e945eb8ba7528cf87c4a29a29c4704a65).\n\n## Fundamentals\n- Introduced Long-Term Support (LTS) policy. See [#​3228](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/946bec18cdeb26b8133a04e8c056dd5f17588f89) and [#​3232](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/14842aedb3d57c32b9ce784061cd9beccbdd1eb1).\n\n## 8.9.0\n\n8.9.0\n=====\n## Bug Fixes\n- syncAfter has been updated to preserve UTC information, addressing a bug where GetConfigurationAsync does not refresh configuration in ConfigurationManager. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3213.\n- Fixed a null reference issue in KeyInfo. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3203.\n\n## New Features\n- Introduced a new delegate for reading custom token payload values on JsonWebToken. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2981.\n- Added an overload for ReadJsonWebToken to take a ReadOnlyMemory. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3205.\n\n## Fundamentals\n- Utilized IList to avoid enumerator allocation during audience validation. 
See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3204.\n\n## 8.8.0\n\n8.8.0\n=====\n## New Features\n- Adds the ability for the metadata refresh to be done as a blocking call, as per 8.0.1 behavior. This is done through the `Switch.Microsoft.IdentityModel.UpdateConfigAsBlocking` switch. If set, configuration calls will be blocking when metadata is updated; otherwise, if tokens arrive with new signing keys, validation errors will be returned to the caller. See PR [#​3193](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3193) for details.\n- Identity.Model updates some log and error messages (IDX10214, IDX10215). If the information is needed for debugging purposes, it can be reverted via the `Switch.Microsoft.IdentityModel.DoNotScrubExceptions` AppContextSwitch. See PR [#​3195](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3195) and https://aka.ms/identitymodel/app-context-switches for details.\n- Change all plain object locks to `System.Thread.Lock` objects for .NET 9 or greater. See PRs [#​3185](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3185) and [#​3189](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3189) for details.\n\n\n## 8.7.0\n\n## Bug Fixes\n- Add back internal methods `IsRecoverableException` and `IsRecoverableExceptionType` whose signatures were changed in the previous version. See [#​3181](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3181).\n\n## New Features\n- Make `Cnf` class public and move it to Microsoft.IdentityModel.Tokens package. 
See [#​3165](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3165).\n\n## What's Changed\n* Post Release 8.6.1 cleanup  by @​mdchennu in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3160\n* Updates CodeQL.yaml to exclude test files by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3163\n* Adds explanation for CodeQL warnings by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3167\n* Fix typo by @​rstm-sf in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3175\n* Need to change the locks by @​JoshLozensky in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3171\n* Move CNF from SHR to M.IM.Tokens by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3168\n* Add back IsRecoverableException methods. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3183\n* Revert \"Need to change the locks\" by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3186\n* 8.7.0 changelog by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3184\n\n## New Contributors\n* @​rstm-sf made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3175\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.6.1...8.7.0\n\n## 8.6.1\n\n8.6.1\n=====\n## Bug fix\n- Microsoft.IdentityModel now triggers a configuration refresh if token decryption fails. 
See issue [#​3148](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3148) for details.\n- Fix a bug in `JsonWebTokenHandler` where `JwtTokenDecryptionParameters`'s `Alg` and `Enc` were not set during token decryption, causing `IDX10611` and `IDX10619` errors to show null values in the messages. See issue [#​3003](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3003) for details.\n\n## Fundamentals\n- For development, IdentityModel now has a global.json file to specify the .NET SDK version. See issue [#​2995](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2995) for details.\n\n## What's Changed\n* Update version.props to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3145\n* Update the public API shipped files by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3146\n* Add global.json file by @​mdchennu in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3153\n* Trigger metadata refresh for token decryption errors by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3149\n* Populate error messages correctly from JwtTokenUtilities.DecryptJwtToken by @​ksaaf in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3152\n* first changelog update by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3156\n\n## New Contributors\n* @​mdchennu made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3153\n* @​ksaaf made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3152\n\n**Full Changelog**: 
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.6.0...8.6.1\n\n## 8.6.0\n\n8.6.0\n=====\n## New Features\n- TokenValidationParameters has a new boolean property `TryAllDecryptionKeys` that lets you choose whether to try all decrypt keys when no key matches the token decrypt key IDs. By default it's set to **true** (legacy behavior) but you can set it to false to avoid trying all keys, which is more performant. See [#​3128](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3128)\n- Promote KeyInfo.MatchesKey from internal to protected internal virtual to enable SAML extensibility (for CoreWcf). See [#​3140](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3140)\n\n## Fundamentals\n* Update dependency on Microsoft.Extensions.Logging.Abstractions from 9.0.0 to 8.0.2 to avoid package downgrade in apps on .NET 9 using a netstandard2.0 library referencing logging.abstractions. See [3143](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3143)\n* Add more tests for encrypted tokens. See [#​3139](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3139)\n\n## What's Changed\n* Update CHANGELOG.md by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3133\n* Update version.props to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3137\n* Add TryAllDecryptionKeys flag to whether decrypt if no key IDs match by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3128\n* Change KeyInfo.MatchesKey from internal to protected internal virtual. 
by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3140\n* Fix #​3112 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3143\n* Add more auto-decryption related tests by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3139\n* Update changelog.md for 8.6.0 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3144\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.5.0...8.6.0\n\n## 8.5.0\n\n8.5.0\n=====\n## Reverting previous breaking change\n- The Configuration Manager has been reverted to version 8.3.1. The changes made in 8.4.0 assume the configuration manager is used as a singleton, which is similar to marking the type as disposable. We have since learned that [adding IDisposable is a breaking change](https://learn.microsoft.com/en-us/dotnet/fundamentals/runtime-libraries/system-idisposable), so we are following [semver guidance](https://semver.org/#what-do-i-do-if-i-accidentally-release-a-backward-incompatible-change-as-a-minor-version) and reverting and releasing a minor version (8.5.0).\n- Cherry-picked Changes: Included changes from PR [#​3022](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3022) and [#​3104](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3104).\n\n## What's Changed\n* Update version.props by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3126\n* fix formatting error by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3134\n* Revert configuration manager to 8.3.1 by @​keegan-caruso in 
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3132\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.4.0...8.5.0\n\n## 8.4.0\n\n8.4.0\n=====\n## New Features\n- App context switch allows blocking or non-blocking calls for configuration. See PR [#​3106](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3106) for details and issue [#​3082](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3082) for details. If you are not using the ConfigurationManager as a singleton and not using the blocking option, you may need to call ShutdownBackgroundTask() to stop the background task to avoid leaking Tasks.\n- IdentityModel now enables symmetric and asymmetric keys to be created publicly with JWK. See [#​3094](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3094) for details.\n- IdentityModel now allows specifying the HTTP protocol version and version policy. See [#​2808](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2808) for details.\n\n## Repair items\n- Add request count and duration telemetry for configuration requests. See [#​3022](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3022) for details.\n- `KeyID` should be present in exception messages and is no longer PII. See [#​3104](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3104) for details.\n\n## Fundamentals\n- Fix spelling issues in xml comments. See [#​3117](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3117) for details.\n- Fix comment coverage in PR builds. 
See [#​3079](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3079) for details.\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- See [#​3056](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3056), [#​3100](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3100), [#​3017](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3107), and [#​3111](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3111).\n- Add internal virtual on TokenHandler. See [#​3084](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3084) for details.\n\n* @​prochnowc made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2809\n\n## 8.3.1\n\n8.3.1\n=====\n## Bug Fixes\n* Respect TVP.RequireAudience when set to false. See [#​3055](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3055)\n* For net4.6.2 select RSACng for PSS support. See [#​3097](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3097)\n* Fix package downgrade in consuming libraries. See [#​3062](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3062)\n* Fix integer overflow in `AuthenticationEncryptionProvider.cs`. See [#​3063](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063)\n\n## Fundamentals\n* Removed unused property on JsonWebToken ClaimsIdentity. See [#​3071](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3071) for details.\n* Upgrade to C# 13. 
See [#​2998](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2998)\n* Use new Base64Url API. See [#​22817](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2817)\n* Add warning quality check. See [#​3067](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3067)\n* Update dotnet actions. see [#​3074](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3074)\n* Fix warnings. See [#​3081](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3081)\n* Test updates in JsonWebToken. See [#​3080](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3080).\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- [#​3027](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3027), [#​3028](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3028), [#​3051](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3051), [#​3054](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3054)\n\n## What's Changed\n* Update CHANGELOG.md by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3053\n* Extensibility tests: Audience - JWT, SAML and SAML2 by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3027\n* Extensibility tests: Lifetime - JWT, SAML and SAML2 by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3028\n* Implement lazy ClaimsIdentity creation from ValidatedToken on SAML and SAML2 on the new validation model by 
@​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3051\n* Add logging to the new validation model by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3054\n* update version by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3057\n* lower version to avoid downgrades. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3058\n* Respect TVP.RequireAudience when set to false by @​kllysng in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3055\n* Fix package downgrade in consuming libraries by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3062\n* Add slnf for running perf and stress tests by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3066\n* Add Warning Quality Check Build Task 🔨 by @​kllysng in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3067\n* Update template-Build-run-tests-sign.yml by @​ciaozhang in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3069\n* Removed unused property on JsonWebToken by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3072\n* Update setup dotnet actions by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3074\n* fixed #​2983 and re-add code coverage comments to PRs by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3076\n* Remove duplicate keyid into var keysAttempted by @​bdapoigny in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2899\n* Upgrade to C# 
13 by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2998\n* Use new Base64Url API by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2817\n* Update common.props by @​ciaozhang in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3078\n* fix warnings by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3081\n* Fixed integer overflow in AuthenticatedEncryptionProvider.cs by @​gparametr in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063\n* Test updates by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3080\n* For net4.6.2 select RSACng for PSS support. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3085\n* changelog for 8.3.1 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3098\n\n## New Contributors\n* @​bdapoigny made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2899\n* @​gparametr made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063\n\n ... (truncated)\n\n## 8.3.0\n\n## New features\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n* SAML and SAML2 new model validation: Token Replay. 
See [#​2994](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2994)\n* Extensibility tests: Token Type - JWT ([#​3030](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3030)), Issuer - SAML and SAML2 ([#​3026](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3026)), Algorithm and Signature - JWT, SAML and SAML2 ([#​3034](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3034)), Token Replay - JWT, SAML and SAML2 ([#​3032](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3032)),  Issuer signing key - JWT, SAML and SAML2 ([#​3029](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/302))\n* Avoid code duplication in extensibility testing. See [#​3041](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3041)\n* Extensibility Testing: Refactor. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3011\n* Remove duplicate code in extensibility tests. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3044\n\n## Bug fixes\n* Fix bug with AadIssuerValidator. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3042\n* Fixed SignedHttpRequest flaky test. See [#​3037](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3037)\n \n## Fundamentals\n* Install all .NET versions in pipeline to fix run tests task. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3018\n* Changelog for 8.2.1. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3009\n* Remove unnecessary AoT test project. 
See in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3045\n* Fix powershell script for nuget update. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3046\n* Update to next version. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3010\n* Disable Coverage PR comments. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3048\n* Updates GitHub Action to support long paths, See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3049\n* Stack parameters to improve reading of code. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3031\n\n## New Contributors\n* @​ssmelov made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3042\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.2.1...8.3.0\n\n## 8.2.1\n\n8.2.1\n=====\n### New features\n- Update to use .NET 9 GA. See [2990](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2990).\n\n### Bug fixes\n- Remove dependency on Microsoft.Bcl.TimeProvider for .NET 8+ targets. See [2935](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2935).\n- Update cgmanifest to align with the JSON schema. See [2969](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969).\n\n### Fundamentals\n- Streamline token creation in `SecurityTokenDescriptor`. See [2993](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2993).\n- Prevent inlining to guarantee stack frames in test. 
See [2999](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2999).\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Simplify stack frame caching. See [2976](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2976).\n- Implement reading SAML and SAML2 tokens. See [2980](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2980).\n- Implement validating SAML signature. See [2950](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2950).\n- Add tests for `IssuerExtensibility`. See [2987](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2987).\n- Add validation for SAML and SAML2 issuer signing key. See [2965](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2965).\n- Add validation for SAML and SAML2 algorithm. 
See [2984](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2984).\n\n## What's Changed\n* Microsoft.Rest.ClientRuntime has been deprecated, which results in so… by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2970\n* Update to next version after 8.2.0 release by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2975\n* Consolidating test statics by @​trwalke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2956\n* New token validation model: Simplify stack frame caching by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2976\n* Remove dependency on Microsoft.Bcl.TimeProvider for .NET 8+ targets by @​filipnavara in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2935\n* Update cgmanifest to align with the JSON schema by @​jeffhandley in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969\n* SAML and SAML2 new model validation: Read Token by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2980\n* SAML2 new model validation: Signature by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2961\n* JsonWebTokenHandler IssuerExtensibility by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2987\n* SAML and SAML2 new model validation: Issuer Signing Key by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2965\n* Ignore AotCompatibilityTests on ADO by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2992\n* SAML and SAML2 new model validation: Algorithm by @​iNinja in 
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2984\n* Use SecurityTokenDescriptor when creating tokens by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2991\n* Prevent inlining to guarantee stack frames in test by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3002\n* Update to .NET 9 GA. Update some test dependencies. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2990\n* Add Abstractions.Tests to strong name bypass file. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3004\n\n## New Contributors\n* @​jeffhandley made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.2.0...8.2.1\n\n## 8.2.0\n\n8.2.0\n=====\n### Fundamentals\n- Update System.Text.Json to 8.0.5 CVE-2024-43485. See [2892](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2892).\n- Using FixedTimeEquals in NETCore targets. 
See [2857](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2857).\n- Updated .NET 9 to RC 2 [2898](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2898).\n- Adds ability to create token without kid [2968](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2968)\n- Enables code coverage in PRs [2946](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2946)\n- Various test improvements:\n- [#​2953](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2953)\n- [#​2955](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2955)\n- [#​2951](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2951)\n- [#​2952](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2952)\n- [#​2947](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2947)\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Validates Audience for SAML2TokenHandler with New Model [2863](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2863)\n- Improvements to AudienceValidation [2902](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2902)\n- Added properties to ValidationResult [2923](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2923)\n- Implements Audience and Lifetime validations in SamlSecurityTokenHandler [2925](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2925)\n- Implements Issuer validation in SamlSecurityTokenHandler 
[2948](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2948)\n\n## What's Changed\n* update to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2890\n* Use FixedTimeEquals in NETCore targets  by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2857\n* Update System.Text.Json to 8.0.5 CVE-2024-43485 by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2892\n* Update .NET 9 to RC 2 by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2898\n* Validate Audience for SAML2TokenHandler with New Model by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2863\n* Regression tests: Issuer by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2868\n* Mark Wilson APIs as Shipped by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2903\n* Add Tests for Lifetime Validation Using New Validation Model For SAML2 by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2906\n* Suggested changes to AudienceValidation by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2902\n* Extensibility tests: Audience by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2861\n* Added properties to ValidationResult without throwing by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2923\n* Extensibility tests: Lifetime by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2867\n* Regression tests: Issuer 
signing key by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2927\n* Do not serialize CaseSensitiveClaimsIdentity.SecurityToken. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2896\n* Fix typo by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2894\n* Implement and Test Audience and Lifetime validations in SamlSecurityTokenHandler with New Validation Model by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2925\n* Fix Flaky Tests: NameAndRoleClaimDelegates and RoleClaims by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2873\n* Regression tests: Signature by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2930\n* Validate Issuer Using New Validation Model in Saml2SecurityTokenHandler by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2929\n* Fix builds on macOS / Linux using the build.sh script by @​filipnavara in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2937\n* Regression tests: Algorithm by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2934\n* Regression tests: Token Type by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2932\n* Regression tests: Token Replay by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2931\n* Fix DevEx and IDDP builds such that when building internally, use an internal Nuget feed instead of nuget.org by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2936\n* Restore 
PopKeyResolvingTests.GetPopKeysFromJkuAsync by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2947\n* Restore skipped test: ReferenceCountingTest_MultiThreaded by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2952\n* Restore EnsureAotCompatibility test by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2951\n ... (truncated)\n\n## 8.1.2\n\n## What's Changed\n\n### Bug fixes\n\n* CaseSensitiveClaimsIdentity.Clone() now returns a `CaseSensitiveClaimsIdentity` as expected, by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2879\n* Multiple unused and unusable (for the moment) public APIs were removed. These were introduced by mistake leaking from the work done on logging and exception handling, by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2888\n\n### Fundamentals\n* Enabled PublicApiAnalyzers to better understand and trace changes to the public API, by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2782\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.1.1...8.1.2\n\n## 8.1.1\n\n8.1.1\n=====\n### Bug fixes\n- Fix bug where ConfigurationManager was updating keys too frequently. 
See [2866](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2866) for details.\n\n## What's Changed\n* Rename validation delegates by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2847\n* Remove TransformBeforeSignatureValidationDelegate from ValidationParameters by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2848\n* Add disable discovery enumeration = true to all theory tests by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2849\n* Make CaseSensitiveClaimIdentity serializable by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2850\n* Remove Obsolete BinaryFormatter  by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2851\n* Refactor ValidateConditions in Saml2SecurityTokenHandler by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2855\n* Set custom BenchmarkDotNetconfig as default by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2852\n* Regression tests: Audience by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2838\n* Fix ValidateJsonWebTokenClaimMapping Flaky Test 🐞 by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2859\n* update current version by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2862\n* Regression tests: Lifetime by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2839\n* Rename ResolveTokenDecryptionKeyDelegate to DecryptionKeyResolverDelegate by @​iNinja in 
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2869\n* Set internal _syncAfter using only AutomaticRefreshInterval. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2865\n* 8.1.1 Changelog by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2864\n* Adjust for RefreshInterval not influencing AutomaticRefreshInterval. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2870\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.1.0...8.1.1\n\n## 8.1.0\n\n8.1.0\n=====\n### Performance improvements\n- Improves performance during issuer validation by replacing string comparison with span comparison. See PR [#​2826](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2826).\n\n### New features\n- Add optional check to prevent using keys that are shared across multiple clouds. See issue [#​2832](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2832) for details.\n\n### Bug fixes\n- JsonWebTokenHandler would only return unwrapped keys if there were no errors. This change is to align with the behavior in JwtSecurityTokenHandler, that is it returns the keys that were able to be unwrapped, and only throw if no keys were able to be unwrapped. See issue [#​2695](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2695) for details.\n\n### Fundamentals\n- Fix flaky tests. See [#​2793](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2793) for details.\n- Update XUnit version and fix test warnings due to new XUnit analyzers. 
See PR [#​2796](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2796) for details.\n- Onboard to code coverage in ADO. See PR [#​2798](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2798).\n- Use `IsTargetFrameworkCompatible(*)` so AOT is forward-compatible with .NET 9 and beyond. See PR [#​2790](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2790) for details.\n- Fix a merge conflict impacting dev. See PR [#​2819](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2819).\n- Defining the following attribute in multiple assemblies (.Tokens, .Logging) causes an internal error.\n[DynamicallyAccessedMembers(DynamicallyAccessedMemberTypes.PublicConstructors)]. See PR [#​2820](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2820).\n- Remove perl dependency. See PR [#​2830](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2830).\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- [#​2794](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2794)\n- [#​2800](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2800)\n- [#​2810](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2810)\n- [#​2811](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2811)\n- [#​2816](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2816)\n- [#​2822](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2822)\n- 
[#​2815](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2815)\n- [#​2818](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2818)\n- [#​2813](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2813)\n- [#​2827](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2827)\n\n## What's Changed\n* changelog 8.0.2 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2792\n* Update version.props to 8.0.2 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2791\n* Fix Async Issue in Extensibility Tests by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2795\n* Update xUnit version and fix test warnings by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2796\n* ValidateTokenAsync - New Path: Refactor result types by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2794\n* Onboard to code coverage in ADO by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2798\n* Exception refinement: Adding additional information by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2800\n* Add initial regression tests for the new validation path by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2810\n* Use IsTargetFrameworkCompatible() by @​martincostello in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2790\n* Regression tests: Added inner exception detail and invalid signature failure due to invalid algorithm used by @​iNinja in 
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2811\n* Return unwrapped keys if able by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2812\n* New token validation path: Renamed result types by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2816\n* Fix merge conflict by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2819\n* Removed attribute that causes issues with internal builds. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2820\n* Add missing exception type to ValidationError -\u003e GetException() by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2822\n* Regression testing: Add JWE use cases by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2815\n ... (truncated)\n\n## 8.0.2\n\n8.0.2\n=====\n\n### Security fundamentals\n- Add `BannedApiAnalyzers` to prevent use of `ClaimsIdentity` constructors. See PR [#​2778](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2778) for details.\n\n### Bug fixes\n- IdentityModel now allows the JWT payload to be an empty string. See issue [#​2656](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2656) for details.\n- Cache `UseRfcDefinitionOfEpkAndKid` switch. See PR [#​2747](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2747) for details.\n- Method was named `DoNotFailOnMissingTid` in 7x and `DontFailOnMissingTid` in 8x, adding the method for back compat. 
See issue [#​2750](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2750) for details.\n- Metadata is now updated on a background thread. See [#​2780](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2780) for details.\n- `JsonWebKeySet` stores the original string it was created with. See PR [#​2755](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2755) for details.\n- Restore AOT compatibility. See [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2711).\n- Fix OpenIdConnect parsing bug. See [#​2772](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2772) for details.\n- Remove the lock on creating a `SignatureProvider`. See [#​2788](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2788) for deta.....\n\n_Description has been truncated_","html_url":"https://github.com/DFE-Digital/teaching-record-system/pull/2976","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/DFE-Digital%2Fteaching-record-system/issues/2976","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2976/packages"},{"uuid":"3791690454","node_id":"PR_kwDOIk5VP868D2Ii","number":856,"state":"open","title":"Bump Microsoft.Identity.Web from 4.2.0 to 
4.3.0","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":["frasermolyneux"],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-01-08T07:18:43.000Z","updated_at":"2026-01-08T07:21:23.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.Identity.Web","old_version":"4.2.0","new_version":"4.3.0","repository_url":"https://github.com/AzureAD/microsoft-identity-web"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web) from 4.2.0 to 4.3.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.Identity.Web's releases](https://github.com/AzureAD/microsoft-identity-web/releases)._\n\n## 4.3.0\n\n### New features\n- Added token binding (mTLS PoP) scenario for confidential client (app-only) token acquisition and downstream API calls. See [#​3622](https://github.com/AzureAD/microsoft-identity-web/pull/3622).\n\n### Dependencies updates\n- Bumped **qs** from 6.14.0 to 6.14.1 in /tests/DevApps/SidecarAdapter/typescript. See [#​3660](https://github.com/AzureAD/microsoft-identity-web/pull/3660).\n\n### Documentation\n- Modernized Identity Web documentation, which can now be found in [docs](https://github.com/AzureAD/microsoft-identity-web/tree/master/docs). See [#​3566](https://github.com/AzureAD/microsoft-identity-web/pull/3566).\n- Added token binding (mTLS PoP) documentation. 
See [#​3661](https://github.com/AzureAD/microsoft-identity-web/pull/3661).\n\nCommits viewable in [compare view](https://github.com/AzureAD/microsoft-identity-web/compare/4.2.0...4.3.0).\n\u003c/details\u003e\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Microsoft.Identity.Web\u0026package-manager=nuget\u0026previous-version=4.2.0\u0026new-version=4.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/frasermolyneux/portal-servers-integration/pull/856","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/frasermolyneux%2Fportal-servers-integration/issues/856","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/856/packages"}],"issue_packages":[{"old_version":null,"new_version":null,"update_type":null,"path":null,"pr_created_at":"2026-05-30T01:06:49.000Z","version_change":null,"issue":{"uuid":"4552630415","node_id":"PR_kwDOC4rwTc7g22z_","number":1598,"state":"open","title":"Bump Microsoft.Identity.Web and 
Microsoft.Identity.Web.UI","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":["berviantoleo"],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-30T01:06:49.000Z","updated_at":"2026-05-30T01:07:20.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.Identity.Web","repository_url":"https://github.com/AzureAD/microsoft-identity-web"},{"name":"Microsoft.Identity.Web.UI","repository_url":"https://github.com/AzureAD/microsoft-identity-web"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web) from 4.9.0 to 4.10.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.Identity.Web's releases](https://github.com/AzureAD/microsoft-identity-web/releases)._\n\n## 4.10.0\n\n### New features\n- Add `WithExtraBodyParameters` fluent API for attaching extra body parameters to token acquisition requests. See [#​3819](https://github.com/AzureAD/microsoft-identity-web/pull/3819).\n- Add `IConfidentialClientApplicationProvider` extensibility interface and `CachePartitionKey` support for silent token acquisition. See [#​3822](https://github.com/AzureAD/microsoft-identity-web/pull/3822).\n\n### Bug fixes\n- Redirect URI sanitization in authorization scenarios; centralize redirect URI validation in a shared helper. See [#​3825](https://github.com/AzureAD/microsoft-identity-web/pull/3825).\n- Reject dSTS-shaped `Authority` values with a clearer exception, steering users to use `Instance` + `TenantId` instead. See [#​3805](https://github.com/AzureAD/microsoft-identity-web/pull/3805).\n- Improve regex handling and adding length/timeout safeguards for SameSite User Agent. 
See [#​3811](https://github.com/AzureAD/microsoft-identity-web/pull/3811).\n\n### Behavior changes\n- **B2C OpenID Connect event handler: LRU cache for issuer address.** Issuer address lookups in the B2C OIDC event handler are now cached with an LRU cache, improving performance for repeated lookups. See [#​3821](https://github.com/AzureAD/microsoft-identity-web/pull/3821).\n\n### Dependencies updates\n- Update MSAL.NET to 4.84.1. See [#​3822](https://github.com/AzureAD/microsoft-identity-web/pull/3822).\n- Pin `Microsoft.Kiota.Abstractions` to 1.22.0 for GraphServiceClient. See [#​3817](https://github.com/AzureAD/microsoft-identity-web/pull/3817).\n- Bump `uuid` and `@​azure/msal-node` in SidecarAdapter TypeScript test app. See [#​3826](https://github.com/AzureAD/microsoft-identity-web/pull/3826).\n- Bump `qs` in SidecarAdapter TypeScript test app. See [#​3829](https://github.com/AzureAD/microsoft-identity-web/pull/3829).\n\nCommits viewable in [compare view](https://github.com/AzureAD/microsoft-identity-web/compare/4.9.0...4.10.0).\n\u003c/details\u003e\n\nUpdated [Microsoft.Identity.Web.UI](https://github.com/AzureAD/microsoft-identity-web) from 4.9.0 to 4.10.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.Identity.Web.UI's releases](https://github.com/AzureAD/microsoft-identity-web/releases)._\n\n## 4.10.0\n\n### New features\n- Add `WithExtraBodyParameters` fluent API for attaching extra body parameters to token acquisition requests. See [#​3819](https://github.com/AzureAD/microsoft-identity-web/pull/3819).\n- Add `IConfidentialClientApplicationProvider` extensibility interface and `CachePartitionKey` support for silent token acquisition. See [#​3822](https://github.com/AzureAD/microsoft-identity-web/pull/3822).\n\n### Bug fixes\n- Redirect URI sanitization in authorization scenarios; centralize redirect URI validation in a shared helper. 
See [#​3825](https://github.com/AzureAD/microsoft-identity-web/pull/3825).\n- Reject dSTS-shaped `Authority` values with a clearer exception, steering users to use `Instance` + `TenantId` instead. See [#​3805](https://github.com/AzureAD/microsoft-identity-web/pull/3805).\n- Improve regex handling and adding length/timeout safeguards for SameSite User Agent. See [#​3811](https://github.com/AzureAD/microsoft-identity-web/pull/3811).\n\n### Behavior changes\n- **B2C OpenID Connect event handler: LRU cache for issuer address.** Issuer address lookups in the B2C OIDC event handler are now cached with an LRU cache, improving performance for repeated lookups. See [#​3821](https://github.com/AzureAD/microsoft-identity-web/pull/3821).\n\n### Dependencies updates\n- Update MSAL.NET to 4.84.1. See [#​3822](https://github.com/AzureAD/microsoft-identity-web/pull/3822).\n- Pin `Microsoft.Kiota.Abstractions` to 1.22.0 for GraphServiceClient. See [#​3817](https://github.com/AzureAD/microsoft-identity-web/pull/3817).\n- Bump `uuid` and `@​azure/msal-node` in SidecarAdapter TypeScript test app. See [#​3826](https://github.com/AzureAD/microsoft-identity-web/pull/3826).\n- Bump `qs` in SidecarAdapter TypeScript test app. See [#​3829](https://github.com/AzureAD/microsoft-identity-web/pull/3829).\n\nCommits viewable in [compare view](https://github.com/AzureAD/microsoft-identity-web/compare/4.9.0...4.10.0).\n\u003c/details\u003e\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/bervProject/SimplePasswordManagerService/pull/1598","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/bervProject%2FSimplePasswordManagerService/issues/1598","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1598/packages"}},{"old_version":"4.8.0","new_version":"4.9.0","update_type":"minor","path":null,"pr_created_at":"2026-05-05T02:47:05.000Z","version_change":"4.8.0 → 4.9.0","issue":{"uuid":"4381132068","node_id":"PR_kwDORIP3Rs7YPhB7","number":130,"state":"open","title":"deps(nuget): Bump Microsoft.Identity.Web from 4.8.0 to 
4.9.0","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-05T02:47:05.000Z","updated_at":"2026-05-06T05:37:42.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(nuget): Bump","packages":[{"name":"Microsoft.Identity.Web","old_version":"4.8.0","new_version":"4.9.0","repository_url":"https://github.com/AzureAD/microsoft-identity-web"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web) from 4.8.0 to 4.9.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.Identity.Web's releases](https://github.com/AzureAD/microsoft-identity-web/releases)._\n\n## 4.9.0\n\n### New features\n- **Sidecar: per-route override gating.** New `Sidecar:AllowOverrides` configuration section provides explicit, per-route control over whether `optionsOverride.*` query-string parameters are honored. Authenticated routes default to allowing overrides (preserving existing behavior); unauthenticated routes default to rejecting them. `optionsOverride.BaseUrl` is unconditionally rejected on all routes as a hardening measure. See [#​3794](https://github.com/AzureAD/microsoft-identity-web/pull/3794).\n\n### Bug fixes\n- Fix `AccountController.Challenge` redirect URI validation to reject percent-encoded protocol-relative bypasses (`%2F%2F`, `%5C%2F`, etc.) that could be decoded by misconfigured reverse proxies. See [#​3792](https://github.com/AzureAD/microsoft-identity-web/pull/3792).\n\n### Behavior changes\n- **DownstreamApi: reserved header filtering.** Headers supplied via `DownstreamApiOptions.ExtraHeaderParameters` whose names match reserved HTTP headers (`Authorization`, `Host`, `Content-Length`, `Proxy-Authorization`, `Sec-*`, `Proxy-*`, etc.) 
or duplicate a header the library already set are now silently skipped. A warning-level log entry (`ReservedHeaderIgnored` / `DuplicateHeaderIgnored`) is emitted so operators can spot misconfigurations. No exception is thrown. See [#​3793](https://github.com/AzureAD/microsoft-identity-web/pull/3793).\n\n### Dependencies updates\n- **Update Azure.Identity 1.11.4 → 1.17.2 and establish Microsoft.Extensions.\\* 8.0.x minimum on older TFMs.** Azure.Identity 1.17.2 (sovereign-cloud fixes) pulls in Azure.Core 1.50.0, which introduces a transitive dependency on `Microsoft.Extensions.DependencyInjection.Abstractions` 8.0.2 on non-framework-coupled TFMs (net462, net472, netstandard2.0). This caused a `CS0433` type collision with the previously-pinned `Microsoft.Extensions.DependencyInjection` 2.1.0. Rather than patch individual packages, the entire `Microsoft.Extensions.*` stack on these older TFMs has been bumped to 8.0.x, closing several 5-year version gaps and aligning with the net8.0 baseline. **If your application targets net462, net472, or netstandard2.0**, your resolved `Microsoft.Extensions.*` versions will increase (e.g., `Extensions.Http` 3.1.3 → 8.0.0, `Extensions.DependencyInjection` 2.1.0 → 8.0.0, `Extensions.Caching.Memory` 2.1.0/6.0.2 → 8.0.1). Applications already targeting net8.0+ are unaffected. See [#​3787](https://github.com/AzureAD/microsoft-identity-web/pull/3787).\n- Bump `System.Text.Json` 8.0.5 → 8.0.6 (CVE-2024-43485). See [#​3787](https://github.com/AzureAD/microsoft-identity-web/pull/3787).\n- Bump `Microsoft.AspNetCore.DataProtection` to 10.0.7 for CVE fix on net10.0. See [#​3796](https://github.com/AzureAD/microsoft-identity-web/pull/3796).\n- Bump `OpenTelemetry.Exporter.OpenTelemetryProtocol` 1.14.0 → 1.15.3. 
See [#​3788](https://github.com/AzureAD/microsoft-identity-web/pull/3788).\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.8.0...4.9.0\n\nCommits viewable in [compare view](https://github.com/AzureAD/microsoft-identity-web/compare/4.8.0...4.9.0).\n\u003c/details\u003e\n\n\u003c!-- Reviewable:start --\u003e\n- - -\nThis change is [\u003cimg src=\"https://reviewable.io/review_button.svg\" height=\"34\" align=\"absmiddle\" alt=\"Reviewable\"/\u003e](https://reviewable.io/reviews/PlagueHO/prompt-babbler/130)\n\u003c!-- Reviewable:end --\u003e","html_url":"https://github.com/PlagueHO/prompt-babbler/pull/130","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/PlagueHO%2Fprompt-babbler/issues/130","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/130/packages"}},{"old_version":"4.8.0","new_version":"4.9.0","update_type":"minor","path":null,"pr_created_at":"2026-05-04T21:48:10.000Z","version_change":"4.8.0 → 4.9.0","issue":{"uuid":"4379896696","node_id":"PR_kwDOInX5bM7YLfWi","number":190,"state":"open","title":"Bump Microsoft.Identity.Web from 4.8.0 to 4.9.0","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-04T21:48:10.000Z","updated_at":"2026-05-04T21:51:50.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.Identity.Web","old_version":"4.8.0","new_version":"4.9.0","repository_url":"https://github.com/AzureAD/microsoft-identity-web"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web) from 4.8.0 to 4.9.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.Identity.Web's 
releases](https://github.com/AzureAD/microsoft-identity-web/releases)._\n\n## 4.9.0\n\n### New features\n- **Sidecar: per-route override gating.** New `Sidecar:AllowOverrides` configuration section provides explicit, per-route control over whether `optionsOverride.*` query-string parameters are honored. Authenticated routes default to allowing overrides (preserving existing behavior); unauthenticated routes default to rejecting them. `optionsOverride.BaseUrl` is unconditionally rejected on all routes as a hardening measure. See [#​3794](https://github.com/AzureAD/microsoft-identity-web/pull/3794).\n\n### Bug fixes\n- Fix `AccountController.Challenge` redirect URI validation to reject percent-encoded protocol-relative bypasses (`%2F%2F`, `%5C%2F`, etc.) that could be decoded by misconfigured reverse proxies. See [#​3792](https://github.com/AzureAD/microsoft-identity-web/pull/3792).\n\n### Behavior changes\n- **DownstreamApi: reserved header filtering.** Headers supplied via `DownstreamApiOptions.ExtraHeaderParameters` whose names match reserved HTTP headers (`Authorization`, `Host`, `Content-Length`, `Proxy-Authorization`, `Sec-*`, `Proxy-*`, etc.) or duplicate a header the library already set are now silently skipped. A warning-level log entry (`ReservedHeaderIgnored` / `DuplicateHeaderIgnored`) is emitted so operators can spot misconfigurations. No exception is thrown. See [#​3793](https://github.com/AzureAD/microsoft-identity-web/pull/3793).\n\n### Dependencies updates\n- **Update Azure.Identity 1.11.4 → 1.17.2 and establish Microsoft.Extensions.\\* 8.0.x minimum on older TFMs.** Azure.Identity 1.17.2 (sovereign-cloud fixes) pulls in Azure.Core 1.50.0, which introduces a transitive dependency on `Microsoft.Extensions.DependencyInjection.Abstractions` 8.0.2 on non-framework-coupled TFMs (net462, net472, netstandard2.0). This caused a `CS0433` type collision with the previously-pinned `Microsoft.Extensions.DependencyInjection` 2.1.0. 
Rather than patch individual packages, the entire `Microsoft.Extensions.*` stack on these older TFMs has been bumped to 8.0.x, closing several 5-year version gaps and aligning with the net8.0 baseline. **If your application targets net462, net472, or netstandard2.0**, your resolved `Microsoft.Extensions.*` versions will increase (e.g., `Extensions.Http` 3.1.3 → 8.0.0, `Extensions.DependencyInjection` 2.1.0 → 8.0.0, `Extensions.Caching.Memory` 2.1.0/6.0.2 → 8.0.1). Applications already targeting net8.0+ are unaffected. See [#​3787](https://github.com/AzureAD/microsoft-identity-web/pull/3787).\n- Bump `System.Text.Json` 8.0.5 → 8.0.6 (CVE-2024-43485). See [#​3787](https://github.com/AzureAD/microsoft-identity-web/pull/3787).\n- Bump `Microsoft.AspNetCore.DataProtection` to 10.0.7 for CVE fix on net10.0. See [#​3796](https://github.com/AzureAD/microsoft-identity-web/pull/3796).\n- Bump `OpenTelemetry.Exporter.OpenTelemetryProtocol` 1.14.0 → 1.15.3. See [#​3788](https://github.com/AzureAD/microsoft-identity-web/pull/3788).\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.8.0...4.9.0\n\nCommits viewable in [compare view](https://github.com/AzureAD/microsoft-identity-web/compare/4.8.0...4.9.0).\n\u003c/details\u003e\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Microsoft.Identity.Web\u0026package-manager=nuget\u0026previous-version=4.8.0\u0026new-version=4.9.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/onebeyond/onebeyond-studio-core/pull/190","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/onebeyond%2Fonebeyond-studio-core/issues/190","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/190/packages"}},{"old_version":"3.1.0","new_version":"4.9.0","update_type":"major","path":null,"pr_created_at":"2026-05-04T10:02:41.000Z","version_change":"3.1.0 → 4.9.0","issue":{"uuid":"4375621740","node_id":"PR_kwDOGUnxSc7X9U3z","number":121,"state":"open","title":"Bump Microsoft.Identity.Web from 3.1.0 to 
4.9.0","user":"dependabot[bot]","labels":["dependencies"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-04T10:02:41.000Z","updated_at":"2026-05-04T10:02:43.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.Identity.Web","old_version":"3.1.0","new_version":"4.9.0","repository_url":"https://github.com/AzureAD/microsoft-identity-web"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web) from 3.1.0 to 4.9.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.Identity.Web's releases](https://github.com/AzureAD/microsoft-identity-web/releases)._\n\n## 4.9.0\n\n### New features\n- **Sidecar: per-route override gating.** New `Sidecar:AllowOverrides` configuration section provides explicit, per-route control over whether `optionsOverride.*` query-string parameters are honored. Authenticated routes default to allowing overrides (preserving existing behavior); unauthenticated routes default to rejecting them. `optionsOverride.BaseUrl` is unconditionally rejected on all routes as a hardening measure. See [#​3794](https://github.com/AzureAD/microsoft-identity-web/pull/3794).\n\n### Bug fixes\n- Fix `AccountController.Challenge` redirect URI validation to reject percent-encoded protocol-relative bypasses (`%2F%2F`, `%5C%2F`, etc.) that could be decoded by misconfigured reverse proxies. See [#​3792](https://github.com/AzureAD/microsoft-identity-web/pull/3792).\n\n### Behavior changes\n- **DownstreamApi: reserved header filtering.** Headers supplied via `DownstreamApiOptions.ExtraHeaderParameters` whose names match reserved HTTP headers (`Authorization`, `Host`, `Content-Length`, `Proxy-Authorization`, `Sec-*`, `Proxy-*`, etc.) 
or duplicate a header the library already set are now silently skipped. A warning-level log entry (`ReservedHeaderIgnored` / `DuplicateHeaderIgnored`) is emitted so operators can spot misconfigurations. No exception is thrown. See [#​3793](https://github.com/AzureAD/microsoft-identity-web/pull/3793).\n\n### Dependencies updates\n- **Update Azure.Identity 1.11.4 → 1.17.2 and establish Microsoft.Extensions.\\* 8.0.x minimum on older TFMs.** Azure.Identity 1.17.2 (sovereign-cloud fixes) pulls in Azure.Core 1.50.0, which introduces a transitive dependency on `Microsoft.Extensions.DependencyInjection.Abstractions` 8.0.2 on non-framework-coupled TFMs (net462, net472, netstandard2.0). This caused a `CS0433` type collision with the previously-pinned `Microsoft.Extensions.DependencyInjection` 2.1.0. Rather than patch individual packages, the entire `Microsoft.Extensions.*` stack on these older TFMs has been bumped to 8.0.x, closing several 5-year version gaps and aligning with the net8.0 baseline. **If your application targets net462, net472, or netstandard2.0**, your resolved `Microsoft.Extensions.*` versions will increase (e.g., `Extensions.Http` 3.1.3 → 8.0.0, `Extensions.DependencyInjection` 2.1.0 → 8.0.0, `Extensions.Caching.Memory` 2.1.0/6.0.2 → 8.0.1). Applications already targeting net8.0+ are unaffected. See [#​3787](https://github.com/AzureAD/microsoft-identity-web/pull/3787).\n- Bump `System.Text.Json` 8.0.5 → 8.0.6 (CVE-2024-43485). See [#​3787](https://github.com/AzureAD/microsoft-identity-web/pull/3787).\n- Bump `Microsoft.AspNetCore.DataProtection` to 10.0.7 for CVE fix on net10.0. See [#​3796](https://github.com/AzureAD/microsoft-identity-web/pull/3796).\n- Bump `OpenTelemetry.Exporter.OpenTelemetryProtocol` 1.14.0 → 1.15.3. 
See [#​3788](https://github.com/AzureAD/microsoft-identity-web/pull/3788).\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.8.0...4.9.0\n\n## 4.8.0\n\n## What's Changed\n* Bump flatted from 3.3.3 to 3.4.2 in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3753\n* Update changelog.md for ID.Web 4.6.0 by @​bgavrilMS in https://github.com/AzureAD/microsoft-identity-web/pull/3756\n* Add token binding to MicrosoftIdentityMessageHandler by @​cpp11nullptr in https://github.com/AzureAD/microsoft-identity-web/pull/3743\n* Bump picomatch in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3759\n* Documentation: Clarify managed identity credential types for containerized vs. VM/App Service deployments by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3585\n* Bump path-to-regexp from 8.3.0 to 8.4.0 in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3762\n* Upgrade Microsoft Application Insights packages by @​RojaEnnam in https://github.com/AzureAD/microsoft-identity-web/pull/3763\n* Use Abstractions 12 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3761\n* Post-4.7.0 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3768\n* Fix Comp Gov DOTNET-Security-10.0 by @​reginayap8 in https://github.com/AzureAD/microsoft-identity-web/pull/3769\n* Upgrade CodeQL to V4: Fix 10 CodeQL Analysis Warnings and Errors by @​reginayap8 in https://github.com/AzureAD/microsoft-identity-web/pull/3770\n* fix warnings by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3771\n* adding examples for using postgres as a distributed cache by @​JaredMSFT in https://github.com/AzureAD/microsoft-identity-web/pull/3766\n* Suppress AOT configuration-binding SYSLIB warnings in 
AotCompatibility test app by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3774\n* Bump vite from 7.1.11 to 7.3.2 in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3772\n* Skip legacy B2C local-account Todo UI test in WebAppUiTests by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3778\n* Fix initialization of ConfidentialClientApplicationOptions in MergedOptions by @​cpp11nullptr in https://github.com/AzureAD/microsoft-identity-web/pull/3760\n* Bump net8/net9/net10 runtime package baselines to patched crypto servicing versions by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3779\n* Fix flaky certificate test failures on CI by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3780\n* MTLS Without Tokens Support by @​tlupes in https://github.com/AzureAD/microsoft-identity-web/pull/3747\n* Fix CredentialsProvider DI lifetime mismatch causing startup crash in Development by @​Avery-Dunn in https://github.com/AzureAD/microsoft-identity-web/pull/3783\n* Remove unused DataProtection configuration from Sidecar by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3776\n\n## New Contributors\n* @​RojaEnnam made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3763\n* @​reginayap8 made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3769\n* @​JaredMSFT made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3766\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.6.0...4.8.0\n\n## 4.7.0\n\n## 4.7.0\n\n### Bug fixes\n- Updates to Microsoft.Identity.Abstractions 12.0.0 to revert breaking changes introduced in Abstractions 11.0.0. (On .NET 10 target, `Certificate` extension method in `CredentialDescription` was reverted to normal property.) 
See [#​3767](https://github.com/AzureAD/microsoft-identity-web/pull/3767).\n\n## 4.6.0\n\n## What's Changed\n\n* Move boilerplate code skills to IdWeb, and add Aspire DevApp demonstrating Blazor authentication components by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3721\n* Bump MSAL to 4.83.1 and re-enable Managed Identity CAE tests by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3746\n* Bump Abstractions to 11.2 by @​bgavrilMS in https://github.com/AzureAD/microsoft-identity-web/pull/3749\n* Update documentation to reference Blazor helpers from Microsoft.Identity.Web package by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3723\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.5.0...4.6.0\n\n## 4.5.0\n\n### New features\n- Add support for certificate store lookup by subject name. See [#​3742](https://github.com/AzureAD/microsoft-identity-web/pull/3742).\n\n### Dependencies updates\n- Bump minimatch in /tests/DevApps/SidecarAdapter/typescript. See [#​3739](https://github.com/AzureAD/microsoft-identity-web/pull/3739).\n- Bump rollup from 4.52.3 to 4.59.0 in /tests/DevApps/SidecarAdapter/typescript. See [#​3740](https://github.com/AzureAD/microsoft-identity-web/pull/3740).\n\n## 4.4.0\n\n### New features\n- Add AOT-compatible web API authentication for .NET 10+. See [#​3705](https://github.com/AzureAD/microsoft-identity-web/pull/3705) and [#​3664](https://github.com/AzureAD/microsoft-identity-web/pull/3664).\n- Propagate long-running web API session key back to callers in user token acquisition. See [#​3728](https://github.com/AzureAD/microsoft-identity-web/pull/3728).\n- Add OBO event initialization for OBO APIs. See [#​3724](https://github.com/AzureAD/microsoft-identity-web/pull/3724).\n- Add support for calling `WithClientClaims` flow for token acquisition. 
See [#​3623](https://github.com/AzureAD/microsoft-identity-web/pull/3623).\n- Add `OnBeforeTokenAcquisitionForOnBehalfOf` event. See [#​3680](https://github.com/AzureAD/microsoft-identity-web/pull/3680).\n\n### Bug fixes\n- Throw `InvalidOperationException` with actionable message when a custom credential is not registered. See [#​3626](https://github.com/AzureAD/microsoft-identity-web/pull/3626).\n- Fix event firing for `InvokeOnBeforeTokenAcquisitionForOnBehalfOfAsync`. See [#​3717](https://github.com/AzureAD/microsoft-identity-web/pull/3717).\n- Update `OnBeforeTokenAcquisitionForOnBehalfOf` to construct `ClaimsPrincipal` from token. See [#​3714](https://github.com/AzureAD/microsoft-identity-web/pull/3714).\n- Add a retry counter for acquire token and updated tests with a fake secret. See [#​3682](https://github.com/AzureAD/microsoft-identity-web/pull/3682).\n- Fix OBO user error handling. See [#​3712](https://github.com/AzureAD/microsoft-identity-web/pull/3712).\n- Fix override merging for app token (and others). See [#​3644](https://github.com/AzureAD/microsoft-identity-web/pull/3644).\n- Fix certificate reload logic to only trigger on certificate-specific errors. See [#​3653](https://github.com/AzureAD/microsoft-identity-web/pull/3653).\n- Update ROPC flow CCA to pass `SendX5C` to MSAL. See [#​3671](https://github.com/AzureAD/microsoft-identity-web/pull/3671).\n\n### Dependencies updates\n- Bump `qs` in `/tests/DevApps/SidecarAdapter/typescript`. See [#​3725](https://github.com/AzureAD/microsoft-identity-web/pull/3725).\n- Downgrade Microsoft.Extensions.Configuration.Binder to 2.1.0 on .NET Framework. See [#​3730](https://github.com/AzureAD/microsoft-identity-web/pull/3730).\n- Update .NET SDK to 10.0.103 to address DOTNET-Security-10.0 vulnerability. See [#​3726](https://github.com/AzureAD/microsoft-identity-web/pull/3726).\n- Upgrade to Microsoft.Identity.Abstractions 11 for AoT compatibility. 
See [#​3699](https://github.com/AzureAD/microsoft-identity-web/pull/3699).\n- Update to MSAL 4.81.0. See [#​3665](https://github.com/AzureAD/microsoft-identity-web/pull/3665).\n\n### Documentation\n- Add documentation for auto-generated session key for long-running OBO session. See [#​3729](https://github.com/AzureAD/microsoft-identity-web/pull/3729).\n- Improve the Aspire doc article and skills. See [#​3695](https://github.com/AzureAD/microsoft-identity-web/pull/3695).\n- Add an article and agent skill to add Entra ID to an Aspire app. See [#​3689](https://github.com/AzureAD/microsoft-identity-web/pull/3689).\n- Fix misleading comment in `CertificatelessOptions.ManagedIdentityClientId`. See [#​3667](https://github.com/AzureAD/microsoft-identity-web/pull/3667).\n- Add Copilot explore tool functionality. See [#​3694](https://github.com/AzureAD/microsoft-identity-web/pull/3694).\n\n### Fundamentals\n- Remove unnecessary warning suppression. See [#​3715](https://github.com/AzureAD/microsoft-identity-web/pull/3715).\n- Migrate labs to Lab.API 2.x (first pass). See [#​3710](https://github.com/AzureAD/microsoft-identity-web/pull/3710).\n- Update Sidecar E2E test constants. See [#​3693](https://github.com/AzureAD/microsoft-identity-web/pull/3693).\n- Fix intermittent failures in `CertificatesObserverTests`. See [#​3687](https://github.com/AzureAD/microsoft-identity-web/pull/3687).\n- Add validation baseline exclusions. See [#​3684](https://github.com/AzureAD/microsoft-identity-web/pull/3684).\n- Add dSTS integration tests. See [#​3677](https://github.com/AzureAD/microsoft-identity-web/pull/3677).\n- Fix FIC test. See [#​3663](https://github.com/AzureAD/microsoft-identity-web/pull/3663).\n- Update IdentityWeb version, build logic, and validation. 
See [#​3659](https://github.com/AzureAD/microsoft-identity-web/pull/3659).\n\n### New Contributors\n* @​XiaoxinMS2 made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3677\n* @​RyAuld made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3687\n* @​agocke made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3664\n* @​MZOLN made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3700\n* @​christian-posta made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3644\n* @​4gust made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3682\n* @​rayluo made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3714\n\n## 4.4.0-preview.1\n\n### New features\n- Add AOT-compatible web API authentication for .NET 10+. See [#​3705](https://github.com/AzureAD/microsoft-identity-web/pull/3705) and [#​3664](https://github.com/AzureAD/microsoft-identity-web/pull/3664).\n- Propagate long-running web API session key back to callers in user token acquisition. See [#​3728](https://github.com/AzureAD/microsoft-identity-web/pull/3728).\n- Add OBO event initialization for OBO APIs. See [#​3724](https://github.com/AzureAD/microsoft-identity-web/pull/3724).\n- Add support for calling `WithClientClaims` flow for token acquisition. See [#​3623](https://github.com/AzureAD/microsoft-identity-web/pull/3623).\n- Add `OnBeforeTokenAcquisitionForOnBehalfOf` event. See [#​3680](https://github.com/AzureAD/microsoft-identity-web/pull/3680).\n\n### Bug fixes\n- Throw `InvalidOperationException` with actionable message when a custom credential is not registered. See [#​3626](https://github.com/AzureAD/microsoft-identity-web/pull/3626).\n- Fix event firing for `InvokeOnBeforeTokenAcquisitionForOnBehalfOfAsync`. 
See [#​3717](https://github.com/AzureAD/microsoft-identity-web/pull/3717).\n- Update `OnBeforeTokenAcquisitionForOnBehalfOf` to construct `ClaimsPrincipal` from token. See [#​3714](https://github.com/AzureAD/microsoft-identity-web/pull/3714).\n- Add a retry counter for acquire token and updated tests with a fake secret. See [#​3682](https://github.com/AzureAD/microsoft-identity-web/pull/3682).\n- Fix OBO user error handling. See [#​3712](https://github.com/AzureAD/microsoft-identity-web/pull/3712).\n- Fix override merging for app token (and others). See [#​3644](https://github.com/AzureAD/microsoft-identity-web/pull/3644).\n- Fix certificate reload logic to only trigger on certificate-specific errors. See [#​3653](https://github.com/AzureAD/microsoft-identity-web/pull/3653).\n- Update ROPC flow CCA to pass `SendX5C` to MSAL. See [#​3671](https://github.com/AzureAD/microsoft-identity-web/pull/3671).\n\n### Dependencies updates\n- Bump `qs` in `/tests/DevApps/SidecarAdapter/typescript`. See [#​3725](https://github.com/AzureAD/microsoft-identity-web/pull/3725).\n- Downgrade Microsoft.Extensions.Configuration.Binder to 2.1.0 on .NET Framework. See [#​3730](https://github.com/AzureAD/microsoft-identity-web/pull/3730).\n- Update .NET SDK to 10.0.103 to address DOTNET-Security-10.0 vulnerability. See [#​3726](https://github.com/AzureAD/microsoft-identity-web/pull/3726).\n- Upgrade to Microsoft.Identity.Abstractions 11 for AoT compatibility. See [#​3699](https://github.com/AzureAD/microsoft-identity-web/pull/3699).\n- Update to MSAL 4.81.0. See [#​3665](https://github.com/AzureAD/microsoft-identity-web/pull/3665).\n\n### Documentation\n- Add documentation for auto-generated session key for long-running OBO session. See [#​3729](https://github.com/AzureAD/microsoft-identity-web/pull/3729).\n- Improve the Aspire doc article and skills. 
See [#​3695](https://github.com/AzureAD/microsoft-identity-web/pull/3695).\n- Add an article and agent skill to add Entra ID to an Aspire app. See [#​3689](https://github.com/AzureAD/microsoft-identity-web/pull/3689).\n- Fix misleading comment in `CertificatelessOptions.ManagedIdentityClientId`. See [#​3667](https://github.com/AzureAD/microsoft-identity-web/pull/3667).\n- Add Copilot explore tool functionality. See [#​3694](https://github.com/AzureAD/microsoft-identity-web/pull/3694).\n\n### Fundamentals\n- Remove unnecessary warning suppression. See [#​3715](https://github.com/AzureAD/microsoft-identity-web/pull/3715).\n- Migrate labs to Lab.API 2.x (first pass). See [#​3710](https://github.com/AzureAD/microsoft-identity-web/pull/3710).\n- Update Sidecar E2E test constants. See [#​3693](https://github.com/AzureAD/microsoft-identity-web/pull/3693).\n- Fix intermittent failures in `CertificatesObserverTests`. See [#​3687](https://github.com/AzureAD/microsoft-identity-web/pull/3687).\n- Add validation baseline exclusions. See [#​3684](https://github.com/AzureAD/microsoft-identity-web/pull/3684).\n- Add dSTS integration tests. See [#​3677](https://github.com/AzureAD/microsoft-identity-web/pull/3677).\n- Fix FIC test. See [#​3663](https://github.com/AzureAD/microsoft-identity-web/pull/3663).\n- Update IdentityWeb version, build logic, and validation. See [#​3659](https://github.com/AzureAD/microsoft-identity-web/pull/3659).\n\n## 4.3.0\n\n### New features\n- Added token binding (mTLS PoP) scenario for confidential client (app-only) token acquisition and downstream API calls. See [#​3622](https://github.com/AzureAD/microsoft-identity-web/pull/3622).\n\n### Dependencies updates\n- Bumped **qs** from 6.14.0 to 6.14.1 in /tests/DevApps/SidecarAdapter/typescript. 
See [#​3660](https://github.com/AzureAD/microsoft-identity-web/pull/3660).\n\n### Documentation\n- Modernized Identity Web documentation, which can now be found in [docs](https://github.com/AzureAD/microsoft-identity-web/tree/master/docs). See [#​3566](https://github.com/AzureAD/microsoft-identity-web/pull/3566).\n- Added token binding (mTLS PoP) documentation. See [#​3661](https://github.com/AzureAD/microsoft-identity-web/pull/3661).\n\n## 4.2.0\n\n# What's Changed\n\n## New features\n\n- Added CAE claims support for FIC + Managed Identity. See #​3647 for details.\n- Added AddMicrosoftIdentityMessageHandler extension methods for IHttpClientBuilder. See #​3649 for details.\n\n## Bug fixes\n\n\n- Fixed tenant not being propagated in credential FIC acquisition. See #​3633 for details.\n- Fixed ForAgentIdentity hardcoded 'AzureAd' ConfigurationSection to respect AuthenticationOptionsName. See #​3635 for details.\n- Fixed GetTokenAcquirer to propagate MicrosoftEntraApplicationOptions properties. See #​3651 for details.\n- Added meaningful error message when identity configuration is missing. See #​3637 for details.\n\n## Dependencies updates\n\n- Update Microsoft.Identity.Abstractions to version 10.0.0.\n- Bump express from 5.1.0 to 5.2.0 in /tests/DevApps/SidecarAdapter/typescript. #​3636\n- Bump jws from 3.2.2 to 3.2.3 in /tests/DevApps/SidecarAdapter/typescript. #​3641\n\n## Fundamentals\n\n- Update support policy. #​3656\n- Update agent identity coordinates in E2E tests after deauth. #​3640\n- Update E2E agent identity configuration to new tenant. #​3646\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.1.1...4.2.0\n\n## 4.1.1\n\n### Bug fixes\n- Authority-only configuration parsing improvements: Early parsing of Authority into Instance/TenantId and defensive fallback in PrepareAuthorityInstanceForMsal. 
Behavior is backward compatible; Authority is still ignored when Instance/TenantId explicitly provided—now surfaced via a warning. See [#​3612](https://github.com/AzureAD/microsoft-identity-web/issues/3612).\n\n### New features\n- Added warning diagnostics for conflicting Authority vs Instance/TenantId: Emitting a single structured warning when both styles are provided. See [#​3611](https://github.com/AzureAD/microsoft-identity-web/issues/3611).\n\n### Fundamentals\n- Expanded authority test matrix: Coverage for AAD (v1/v2), B2C (/tfp/ normalization, policy path), CIAM (PreserveAuthority), query parameters, scheme-less forms, and conflict scenarios. See [#​3610](https://github.com/AzureAD/microsoft-identity-web/issues/3610).\n\n## 4.1.0\n\n### New features\n- Migrate to .NET 10 GA. [#​3449](https://github.com/AzureAD/microsoft-identity-web/pull/3449) and [#​3590](https://github.com/AzureAD/microsoft-identity-web/pull/3590)\n\n### Dependencies updates\n- Bump MSAL.NET to version [4.79.2](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/releases/tag/4.79.2) and handle changes to deprecated WithExtraQueryParameters APIs. [#​3583](https://github.com/AzureAD/microsoft-identity-web/pull/3583)\n- Update Microsoft.IdentityModel and Abstractions versions. [#​3604](https://github.com/AzureAD/microsoft-identity-web/pull/3604)\n- Update coverlet.collector to 6.0.4. [#​3587](https://github.com/AzureAD/microsoft-identity-web/pull/3587)\n- Update package validation baseline version to 4.0.0. [#​3589](https://github.com/AzureAD/microsoft-identity-web/pull/3589)\n- Bump js-yaml from 4.1.0 to 4.1.1 in /tests/DevApps/SidecarAdapter/typescript. [#​3595](https://github.com/AzureAD/microsoft-identity-web/pull/3595)\n\n### Entra ID SDK sidecar\n- Restrict hosts to localhost for sidecar. [#​3579](https://github.com/AzureAD/microsoft-identity-web/pull/3579)\n- Update http file to match endpoints. 
[#​3555](https://github.com/AzureAD/microsoft-identity-web/pull/3555)\n- Revise sidecar issue template for Entra ID. [#​3577](https://github.com/AzureAD/microsoft-identity-web/pull/3577)\n\n### Documentation\n- Update README to include Entra SDK container info. [#​3578](https://github.com/AzureAD/microsoft-identity-web/pull/3578)\n\n### Fundamentals\n- Include NET 9.0 in template-install-dependencies. [#​3593](https://github.com/AzureAD/microsoft-identity-web/pull/3593)\n- Fix CodeQL alerts. [#​3591](https://github.com/AzureAD/microsoft-identity-web/pull/3591)\n- Suppression file is needed. [#​3592](https://github.com/AzureAD/microsoft-identity-web/pull/3592)\n\n## 4.0.1\n\n## Bug fixes\n* Correctly compute Application Key when credential usage fails.\n* Fix bugs where agent user identities didn't work with non-default authentication schemes.\n\n## Fundamentals\n* Update .NET version for CG compliance\n\n## Sidecar\n* Configure Sidecar to default AllowWebApiToBeAuthorizedByACL to true as the container doesn't do authZ\n\n\n## 4.0.0\n\n4.0.0\n=========\n### Breaking Changes\n**Removed support for .NET 6.0 and .NET 7.0** - Microsoft Identity Web 4.0.0 no longer targets .NET 6.0 and .NET 7.0, following Microsoft's support lifecycle. The supported target frameworks are now .NET 8.0, .NET 9.0, .NET Framework 4.6.2, .NET Framework 4.7.2, and .NET Standard 2.0.\n\nSee [MIGRATION_GUIDE_V4](https://github.com/AzureAD/microsoft-identity-web/blob/master/MIGRATION_GUIDE_V4.md)\n\n\n### New features\n- Various improvements to performance logging, authentication, and credential loading capabilities.\n- Bumped MSAL.NET to 4.77.1\n- Added credential description extensibility. For details, see [#​3487](https://github.com/AzureAD/microsoft-identity-web/pull/3487)\n- Added a new CerticateObserverAction type: SuccessfullyUsed and support for multiple certificate observers for improved certificate lifecycle management and telemetry. 
See [#​3505](https://github.com/AzureAD/microsoft-identity-web/pull/3505)\n- Add specification of OID (in addition to upn) when requesting an authorization header for Agent User Identity. See [#​3513](https://github.com/AzureAD/microsoft-identity-web/pull/3513)\n- Added ClaimsPrincipal and ClaimsIdentity extension methods for agent identity detection in web APIs enabling developers to easily detect agent identities and retrieve parent agent blueprint from token claims. See [#​3515](https://github.com/AzureAD/microsoft-identity-web/pull/3515)\n- Added MicrosoftIdentityMessageHandler for flexible HttpClient authentication. Provides composable alternative to DownstreamApi with per-request authentication configuration. Supports WWW-Authenticate challenge handling. See [#​3503](https://github.com/AzureAD/microsoft-identity-web/pull/3503)\n- Support for multiple certificate observers. See [#​3506](https://github.com/AzureAD/microsoft-identity-web/pull/3506)\n- The Microsoft.Identity.Web.Sidecar will provide a container solution for validation and token acquisition in any-language. See [#​3524](https://github.com/AzureAD/microsoft-identity-web/pull/3524)\n\n### Bug Fixes\n- Fixed TokenAcquirerFactory null reference when AppContext.BaseDirectory is root path. See [#​3443](https://github.com/AzureAD/microsoft-identity-web/pull/3443)\n- Fixed IDW10405 error when using managed identity with common tenant. See [#​3415](https://github.com/AzureAD/microsoft-identity-web/pull/3415)\n- Removed hard dependency on IConfiguration in OidcIdpSignedAssertionLoader. See [#​3414](https://github.com/AzureAD/microsoft-identity-web/pull/3414)\n\n### Fundamentals\n- Various improvements to .NET support and dependency optimizations.\n- Added doc for Agent identities. See [Agent identities](src/Microsoft.Identity.Web.AgentIdentities/README.AgentIdentities.md)\n- Combined and fixed test collections. 
See [#​3472](https://github.com/AzureAD/microsoft-identity-web/pull/3472)\n- Migrate repository agent rules from .clinerules to agents.md. See [#​3475](https://github.com/AzureAD/microsoft-identity-web/pull/3475)\n- Add .NET 6.x setup step to dotnetcore.yml workflow, as the default build agents don't have it any longer. See [#​3489](https://github.com/AzureAD/microsoft-identity-web/pull/3489)\n- Renamed NET 7 tests to ThreadingTests for framework independence. See [#​3501](https://github.com/AzureAD/microsoft-identity-web/pull/3501)\n\n\n## 3.14.1\n\n3.14.1\n=======\n\n## Bug fix\n- Support client secrets with agent user identities. See [#​3470](https://github.com/AzureAD/microsoft-identity-web/issues/3470) for details.\n\n\n\n3.14.0\n=======\n## New features\n- Support multi-tenant agent user identities. See [#​3461](https://github.com/AzureAD/microsoft-identity-web/issues/3461) for details.\n- Id Web now allows for passing of ExtraBodyParameters. See [#​3463](https://github.com/AzureAD/microsoft-identity-web/issues/3463) for details.\n\n\n## 3.13.1\n\n3.13.1\n=======\n### Dependencies updates\n- Microsoft.IdentityModel updated to version [8.14.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.14.0).\n\n## 3.13.0\n\n3.13.0\n=======\n### Dependencies updates\n- Microsoft.IdentityModel updated to version [8.13.1](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.13.1).\n- Microsoft.Abstractions updated to version [9.3.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/9.3.) and using IAuthenticationSchemeInformationProvider from that library, deprecating the interface of the same name in Microsoft.Identity.Web (introduced in 3.12.0).\n\n### Bug fixes\n- Fixed an issue with instantiation of TokenAcquirerFactory when AppContext.BaseDirectory is root path. 
See PR [#​3443](https://github.com/AzureAD/microsoft-identity-web/pull/3443) for details.\n\n### Fundamentals\n- Use cloud user in tests. See PR [#​3441](https://github.com/AzureAD/microsoft-identity-web/pull/3441) and [#​3442](https://github.com/AzureAD/microsoft-identity-web/pull/3442) for details.\n\n\n## 3.12.0\n\n3.12.0\n=======\n### Dependencies updates\n- Updated MSAL to version 4.74.1 part of [#​3398](https://github.com/AzureAD/microsoft-identity-web/pull/3435).\n\n## Bug fix\nReload certificates for all client credential based issues to solve the issue that when a bad certificate was installed on the machine and picked up, and subsequently rotated, a service restart was needed for the new certificate to be used. See issue [#​3429](https://github.com/AzureAD/microsoft-identity-web/issues/3429) and PR [#​3430](https://github.com/AzureAD/microsoft-identity-web/pull/3430) \n\n## New features\n* Include the thrown exception in CertificateChangeEventArg. See PR [#​3428](https://github.com/AzureAD/microsoft-identity-web/pull/3428) for better supportabiliby.\n* Support for Agent User identities. See PR [#​3435](https://github.com/AzureAD/microsoft-identity-web/pull/3435)\n\n\n\n\n## 3.11.0\n\n3.11.0\n=======\n### Dependencies updates\n- Updated `global.json` to the latest .NET 9 runtime framework 9.0.108. See PR [#​3422](https://github.com/AzureAD/microsoft-identity-web/pull/3422) for details.\n\n### Bug fixes\n- Fix `IDW10405` error when using managed identity with common tenant. See PR [#​3415](https://github.com/AzureAD/microsoft-identity-web/pull/3415) for details.\n- Fix `OidcIdpSignedAssertionLoader` to remove hard dependency on IConfiguration registration. See PR [#​3414](https://github.com/AzureAD/microsoft-identity-web/pull/3414) for details.\n\n### New feature\n- Add support for `ExtraHeaderParameters` and `ExtraQueryParameters` properties on `DownstreamApiOptions` to simplify adding custom headers and query parameters to downstream API requests. 
See PR [#​3413](https://github.com/AzureAD/microsoft-identity-web/pull/3413) for details.\n- Add better support for Azure SDK. For details see [Readme-Azure](./src/Microsoft.Identity.Web.Azure/README-Azure.md) and PR [#​3416](https://github.com/AzureAD/microsoft-identity-web/pull/3416)\n\n## What's Changed\n* Update Abstractions version and the public API files after 3.10.0 release by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3407\n* Update Directory.Build.props by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3404\n* Fix IDW10405 error when using managed identity with common tenant by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3415\n* Add ExtraHeaderParameters and ExtraQueryParameters support to DownstreamApi by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3413\n* Fix OidcIdpSignedAssertionLoader to remove hard dependency on IConfiguration registration by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3414\n* Update global.json by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3422\n* Improved experience for Azure SDKs with Microsoft Identity Platform authentication by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3416\n* Update 3.11 changelog by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3423\n* update test certs by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3424\n\n## New Contributors\n* @​Copilot made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3415\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.10.0...3.11.0\n\n## 3.10.0\n\n3.10.0\n=======\n### Dependencies updates\n- Updated MSAL to version 4.73.1 ([#​3398](https://github.com/AzureAD/microsoft-identity-web/pull/3398)).\n- Updated `global.json` to the latest .NET 9 runtime framework 9.0.107 
([#​3385](https://github.com/AzureAD/microsoft-identity-web/pull/3385)).\n\n### New feature\n- Added support for Agent Identities ([#​3396](https://github.com/AzureAD/microsoft-identity-web/issues/3396), [#​3402](https://github.com/AzureAD/microsoft-identity-web/pull/3402)).  \n  introducing the `Microsoft.Identity.Web.AgentIdentities` package .\n\n### Bug fixes\n- Processed codeQL issues\n\n### Fundamentals\n- improved unit tests for OidcFic with the new SignedAssertionFmiPath\n\n## 3.9.4\n\n3.9.4\n=======\n### Package updates\n- Microsoft.IdentityModel updated to version [8.12.1](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.12.1).\n\n### Bug fix\n- Updates the `DefaultAuthorizationHeaderProvider` to update the `AcquireTokenOptions.LongRunningWebApiSessionKey` after the token is acquired so that the key can be used in the next OBO call. See PR [#​3381](https://github.com/AzureAD/microsoft-identity-web/pull/3381) for details.\n\n### Fundamentals\n- Update .NET SDK version to 9.0.107 used when building or running the code. See [#​3385](https://github.com/AzureAD/microsoft-identity-web/pull/3385) for details.\n- Improved test coverage for managed identity flows. 
See [#​3350](https://github.com/AzureAD/microsoft-identity-web/pull/3350) for details.\n\n## What's Changed\n* Add Claims and Capability Support to Managed Identity Flows by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3350\n* Adding fix for OBO cache key error in long running OBO with DefaultAuthorizationHeaderProvider by @​trwalke in https://github.com/AzureAD/microsoft-identity-web/pull/3381\n* Update global.json by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3385\n* changelog 3.9.4 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3386\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.9.3...3.9.4\n\n## 3.9.3\n\n3.9.3\n=======\n### Package updates\n- Microsoft.IdentityModel updated to version [8.12.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.12.0).\n\n### Fundamentals\n- Add `.clinerules` to help with AI tooling.\n- **Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0**  Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added).  
For details see [#​3379](https://github.com/AzureAD/microsoft-identity-web/pull/3379)\n\n## What's Changed\n* Update M.IM 8.11 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3373\n* add ai assist rules by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3376\n* Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3379\n* changelog 3.9.3 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3380\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.9.2...3.9.3\n\n## 3.9.2\n\n3.9.2\n=======\n### Package updates\n- Microsoft.IdentityModel updated to version [8.11.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.11.0).\n- MSAL.NET updated to version [MSAL.NET 4.72.1](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/tag/4.72.1).\n\n### Fundamentals:\n- Fix invalid comparisons in prop and csproj files. For details see [#​3297](https://github.com/AzureAD/microsoft-identity-web/pull/3297).\n\n## What's Changed\n* Release notes and cleanup by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3367\n* Remove invalid comparisons by @​keegan-caruso in https://github.com/AzureAD/microsoft-identity-web/pull/3368\n* update to MSAL 4.72.1 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3369\n* update 3.9.2 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3372\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.9.1...3.9.2\n\n## 3.9.1\n\n3.9.1\n========\n### Package updates\n- Microsoft.Identity.Abstractions updated to version [9.1.0](https://github.com/AzureAD/azure-identity-abstractions/releases/tag/9.1.0).\n\n### Fundamentals\n- Fix AoT warnings. 
For details see [#​3366](https://github.com/AzureAD/microsoft-identity-web/pull/3366).\n\n## What's Changed\n* Fix AoT warnings (and update to Abstractions 9.1.0) by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3366\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.9.0...3.9.1\n\n## 3.9.0\n\n3.9.0\n========\n### Package updates\n- Microsoft.IdentityModel updated to version [8.10.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.10.0).\n- MSAL.NET updated to version [MSAL.NET 4.72.0](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/tag/4.72.0).\n\n### Bug fixes\n- Fixed issue where RequiredScopeOrAppPermission extension method didn’t work with Minimal APIs. See [#​3323](https://github.com/AzureAD/microsoft-identity-web/issues/3323).\n- Resolved IL warnings from AddDownstreamApis in NativeAOT projects. See [#​3355](https://github.com/AzureAD/microsoft-identity-web/issues/3360).\n- Ensured AcquireTokenForConfidentialClient correctly passes MSAL exceptions. See [#​3345](https://github.com/AzureAD/microsoft-identity-web/issues/3345).\n- Prevented null reference when accessing MergedOptions instance. See [#​3337](https://github.com/AzureAD/microsoft-identity-web/issues/3337).\n\n### New feature\n - Added optional login_hint and domain_hint support to AccountController.SignIn endpoint. See [#​3244](https://github.com/AzureAD/microsoft-identity-web/issues/3244) and [#​3348](https://github.com/AzureAD/microsoft-identity-web/pull/3348/files).\n\n### Fundamentals\n- Introduced Long-Term Support (LTS) policy. See [#​3357](https://github.com/AzureAD/microsoft-identity-web/commit/b6ff65bb4f49289c914100c3a382fa16da2b5508).\n- Added tests to validate xms_cc (client capability) forwarding in CCA flows. 
See [#​3349](https://github.com/AzureAD/microsoft-identity-web/issues/3349).\n\n### External contributions\nThank you @​evan-buss for your contribution and fixing the issue where RequiredScopeOrAppPermission extension method didn’t work with Minimal APIs. See [#​3323](https://github.com/AzureAD/microsoft-identity-web/issues/3323).\nThank you @​neha-bhargava for your contribution and ensuring AcquireTokenForConfidentialClient correctly passes MSAL exceptions. See [#​3345](https://github.com/AzureAD/microsoft-identity-web/issues/3345).\n\n## 3.8.4\n\n3.8.4\n========\n### Package updates\n- Microsoft.IdentityModel updated to version [8.8.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.8.0).\n- MSAL.NET updated to version [MSAL.NET 4.71.0](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/tag/4.71.0).\n\n### Bug fixes\n- Fixed the issue where FmiPath was not persisted when copying/reinitializing AcquireTokenOptions. See [#​3336](https://github.com/AzureAD/microsoft-identity-web/issues/3336).\n\n### New feature\n- Added support for Linux-friendly devcontainers. See [#​3333](https://github.com/AzureAD/microsoft-identity-web/issues/3333) and [#​3339](https://github.com/AzureAD/microsoft-identity-web/pull/3339).\n\n### Fundamentals\n- Removed System.Text.Json as an explicit dependency for .NET Core targets. See [#​3331](https://github.com/AzureAD/microsoft-identity-web/issues/3331).\n\n## 3.8.3\n\n3.8.3\n========\n### Package updates\n- Updated to Microsoft.IdentityModel.* [8.8.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.8.0)\n- Updated to [MSAL.NET 4.70.1](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/tag/4.70.1)\n  \n### New feature\n- `TokenAcquistion.cs` adds its service provider to the acquisition options. 
See issue [#​3315](https://github.com/AzureAD/microsoft-identity-web/issues/3315) for details.\n\n\n## 3.8.2\n\n3.8.2\n========\n- Updated to Microsoft.Identity.Abstractions [9.0.0](https://github.com/AzureAD/microsoft-identity-abstractions-for-dotnet/releases/tag/9.0.0)\n\n### New feature\n- An exception is now thrown if MSAL `TokenCacheNotificationArgs` indicates that distributed cache is configured when it should not have been. See [#​3304](https://github.com/AzureAD/microsoft-identity-web/issues/3304).\n- Added support for federated identity credentials with AT_POP. See [#​3299](https://github.com/AzureAD/microsoft-identity-web/pull/3299).\n\n## 3.8.1\n\n### New features\n- Updated to Microsoft.IdentityModel.* [8.7.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.7.0)\n\n### Bug fixes\n- Pins Microsoft.Extensions.Http dependency version to 3.1.3 for .NET Framework and .NET Standard and uses inbox version for .NET Core. See [#​3145](https://github.com/AzureAD/microsoft-identity-web/issues/3145).\n\n## What's Changed\n* Post release cleanup by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3291\n* update MIM by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3292\n* Updates CodeQL.yaml to exclude test files by @​sruke in https://github.com/AzureAD/microsoft-identity-web/pull/3294\n* Make Microsoft.Extensions.Http dependency framework friendly by @​ksaaf in https://github.com/AzureAD/microsoft-identity-web/pull/3296\n* Update to IdentityModel 8.7.0 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3307\n\n## New Contributors\n* @​ksaaf made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3296\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.8.0...3.8.1\n\n## 3.8.0\n\n3.8.0\n========\n### New feature\n- Updated to Microsoft.IdentityModel.* 
[8.6.1](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.6.1)\n- Updated to [MSAL.NET](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet) 4.69.1\n- Updated the Json Schema to include extensibility for signed assertion providers. See [#​3235](https://github.com/AzureAD/microsoft-identity-web/pull/3235)\n- Added support for Federation Identity Credential on any OIDC Idp (FIC+OIDC credential provider). See [#​3255](https://github.com/AzureAD/microsoft-identity-web/pull/3255)\n- Support for acquiring token for Federation Managed Identity (FMI). Supports the `FmiPath` property of `AcquireTokenOptions`. See [#​3247](https://github.com/AzureAD/microsoft-identity-web/issues/3247)\n- Downstream APIs now support Authorization headers with a custom SAML bearer syntax. See [#​3273](https://github.com/AzureAD/microsoft-identity-web/pull/3273)\n\n## Bug fixes\n- TokenAcquirerFactory is now thread safe. See [#​3274](https://github.com/AzureAD/microsoft-identity-web/pull/3274)\n- Fix a bug in the parsing of the token in the authority. See [#​3261](https://github.com/AzureAD/microsoft-identity-web/pull/3261)\n\n## Fundamentals\n- Removed old Blazorwasm sample, wasm-tools and added new blazor web API: [#​3259](https://github.com/AzureAD/microsoft-identity-web/pull/3259), [#​3257](https://github.com/AzureAD/microsoft-identity-web/pull/3257), [#​3254](https://github.com/AzureAD/microsoft-identity-web/pull/3254)\n- Modified the build so that, in CI/CD internal builds, the NuGet.org NuGet source is replaced by a managed Nuget source. More verbose information added. See [#​3263](https://github.com/AzureAD/microsoft-identity-web/pull/3263)\n- Fixed CS8602 Warnings in Weather.razor (BlazorApp) – Handle Nullable forecasts and user.Identity. 
See [#​3266](https://github.com/AzureAD/microsoft-identity-web/pull/3266),\n\n## What's Changed\n* Update changelog.md by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3246\n* Lozensky/add fmi path by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3247\n* Lozensky/perf fix graph service client by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3251\n* M.IM 8.6.0 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3252\n* Jennyf/blazor prototype by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3254\n* remove old blazor apps by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3257\n* Remove step for installing wasm-tools in the build by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3259\n* Fix for Remove NuGet Source steps (now with enhanced logging) by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3263\n* Add CustomSignedAssertion to Credentials.json by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3235\n* Fix CS8602 Warnings in Weather.razor (BlazorApp) – Handle Nullable forecasts and user.Identity by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3266\n* Add Support for Custom Saml Bearer in HttpRequest Headers by @​sthanu98 in https://github.com/AzureAD/microsoft-identity-web/pull/3273\n* comment out the code coverage by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3279\n* update msal to 4.69.1 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3281\n* FIC+OIDC credential provider by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3255\n* Update the IdWeb version number by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3280\n* Locking Down the TokenAcquirerFactory by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3274\n* 
Fix authority parsing logic by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3261\n* Update changelog.md for Id.web 3.8.0 by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3285\n\n## New Contributors\n* @​sthanu98 made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3273\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.7.1...3.8.0\n\n## 3.7.1\n\n3.7.1\n========\n- Updated to Microsoft.IdentityModel.* [8.5.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.5.0)\n\n## 3.7.0\n\n3.7.0\n========\n- Updated to Microsoft.Identity.Abstractions [8.1.0](https://github.com/AzureAD/microsoft-identity-abstractions-for-dotnet/releases/tag/8.1.0)\n- Updated to Microsoft.IdentityModel.* [8.4.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.4.0)\n\n### New Feature\n- IdentityWeb now provides extensibility to `DefaultCredentialsLoader` so that partner teams, or an SDK on top of IdWeb, can bring their own credential providers. See [#​3220](https://github.com/AzureAD/microsoft-identity-web/issues/3220) for details.\n\n## Bug fixes\n- The merged options are now being passed to MSAL for the CCA ROPC scenario. 
See [#​3207](https://github.com/AzureAD/microsoft-identity-web/issues/3207) for details.\n\n## What's Changed\n* changelog update by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3216\n* Pass the assertion options to MSAL for ROPC call by @​neha-bhargava in https://github.com/AzureAD/microsoft-identity-web/pull/3217\n* Update global.json to 9.0.102 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3222\n* Bump the notsecurity group with 3 updates by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3219\n* update abstractions to 8.1.0 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3224\n* update benchmark by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3229\n* Adding Extensibility for Custom Signed Assertion Providers by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3226\n* Update changelog.md 3.7.0 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3233\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.6.2...3.7.0\n\n## 3.6.2\n\n3.6.2\n========\n- Updated to Microsoft.Identity.Abstractions [8.0.0](https://github.com/AzureAD/microsoft-identity-abstractions-for-dotnet/releases/tag/8.0.0)\n\n## Fundamentals\n- Clean-up the tests that were using properties removed in Abstractions 8.0.0. 
See issue [#​3212](https://github.com/AzureAD/microsoft-identity-web/issues/3212) for details.\n\n## What's Changed\n* Bump the notsecurity group across 1 directory with 3 updates by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3211\n* Suppress TFM Build Warnings by @​kllysng in https://github.com/AzureAD/microsoft-identity-web/pull/3210\n* Fixing 3212 and cleaning-up technical debt by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3213\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.6.1...3.6.2\n\n## 3.6.1\n\n3.6.1\n========\n- Updated to Microsoft.Identity.Abstractions [7.2.1](https://github.com/AzureAD/microsoft-identity-abstractions-for-dotnet/releases/tag/7.2.1)\n\n## 3.6.0\n\n3.6.0\n========\n- Updated to Microsoft.IdentityModel.* 8.3.1\n- Updated to [MSAL.NET](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet) 4.67.2\n\n## Bug fixes\n- Checks that B2C tokens don't contain the claims used by Identity Web to represent the home tenant and object ID (obtained from the UserInfo endpoint). See https://github.com/AzureAD/microsoft-identity-web/pull/3131\n- Remove explicit locking in `OpenIdConnectCachingSecurityTokenProvider`. See Issue [#​3078](https://github.com/AzureAD/microsoft-identity-web/issues/3078)\n\n\n## Fundamentals\n- Fix Null Reference Exception in OwinTokenAcquirerFactory + other OWIN cleanup. See https://github.com/AzureAD/microsoft-identity-web/pull/3183\n- Re-add code coverage comments \u0026 scope to src files. 
See https://github.com/AzureAD/microsoft-identity-web/issues/3177\n\n## What's Changed\n* Update changelog.md by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3161\n* Update global.json by @​keegan-caruso in https://github.com/AzureAD/microsoft-identity-web/pull/3163\n* Use ExtraQP to inject telemetry SDK ID by @​bgavrilMS in https://github.com/AzureAD/microsoft-identity-web/pull/2973\n* Fix 3167 (package downgrade when referencing IdentityModel.Tokens from dev) by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3168\n* Add Warning Quality Check Build Task 🔨 by @​kllysng in https://github.com/AzureAD/microsoft-identity-web/pull/3169\n* Treat warnings as errors by @​keegan-caruso in https://github.com/AzureAD/microsoft-identity-web/pull/3166\n* Revert: Warning Quality Check Build Task by @​alexholub113 in https://github.com/AzureAD/microsoft-identity-web/pull/3172\n* fix warnings in idweb and readd warnings as errors by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3173\n* Add checks to protect the internal claims used by MIW. 
Ref: issue #​2968 by @​DOMZE in https://github.com/AzureAD/microsoft-identity-web/pull/3131\n* use only src files and re-add comments by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3176\n* Update dotnet actions by @​sebastienros in https://github.com/AzureAD/microsoft-identity-web/pull/3175\n* - Fixes 3181 by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3183\n* Add retry logic to stabilize flaky UI tests by @​kllysng in https://github.com/AzureAD/microsoft-identity-web/pull/3180\n* Add null handling for process output/error data in UiTestHelpers by @​kllysng in https://github.com/AzureAD/microsoft-identity-web/pull/3184\n* package updates from dependabot by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3185\n* Fix E2E tests persistent flakiness + build hanging by @​kllysng in https://github.com/AzureAD/microsoft-identity-web/pull/3188\n* Revert WaitForProcess in UI Tests by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3189\n* Update to use MSAL 4.67.1 by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3193\n* Update to use MSAL 4.67.2 by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3200\n* Remove explicit locking in OpenIdConnectCachingSecurityTokenProvider by @​keegan-caruso in https://github.com/AzureAD/microsoft-identity-web/pull/3202\n* 3.6.0 changelog by @​kllysng in https://github.com/AzureAD/microsoft-identity-web/pull/3203\n\n## New Contributors\n* @​DOMZE made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3131\n* @​sebastienros made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3175\n* @​gladjohn made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3193\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.5.0...3.6.0\n\n## 3.5.0\n\n## Bug fixes\n* Ensure Singleton registration for 
TokenAcquisition Services when TokenAcquirerFactory is null. See https://github.com/AzureAD/microsoft-identity-web/pull/3155\n* Dont modify the merged options when building the confidential client. See https://github.com/AzureAD/microsoft-identity-web/pull/3137\n\n## Fundamentals\n* Install all .NET versions in pipeline, including .NET 9. See https://github.com/AzureAD/microsoft-identity-web/pull/3152\n* Upgrade to C# 13. See https://github.com/AzureAD/microsoft-identity-web/pull/3138\n* Specify sdk version in global.json. See https://github.com/AzureAD/microsoft-identity-web/pull/3156\n* Disable Coverage PR comments. See in https://github.com/AzureAD/microsoft-identity-web/pull/3159\n\n## What's Changed\n* Install all .NET versions in pipeline to fix run tests task by @​msbw2 in https://github.com/AzureAD/microsoft-identity-web/pull/3152\n* Upgrade to C# 13 by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3138\n* Specify sdk version in global.json by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3156\n* Ensure Singleton registration for TokenAcquisition Services when TokenAcquirerFactory is null by @​sruke in https://github.com/AzureAD/microsoft-identity-web/pull/3155\n* Disable Coverage PR comments by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3159\n* Dont modify the merged options when building the confidential client by @​keegan-caruso in https://github.com/AzureAD/microsoft-identity-web/pull/3137\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.4.0...3.5.0\n\n## 3.4.0\n\n3.4.0\n========\n- Updated to Microsoft.IdentityModel.* 8.2.1\n- Updated to Microsoft.Identity.Abstractions 7.2.0\n\n### New features\n- Add ROPC flow support for confidential client applications. 
See [3091](https://github.com/AzureAD/microsoft-identity-web/issues/3091), [3129](https://github.com/AzureAD/microsoft-identity-web/issues/3129), [3139](https://github.com/AzureAD/microsoft-identity-web/issues/3139).\n- Allow multi-tenant applications to specify the AppHomeTenantId to be used for client credentials. See [3121](https://github.com/AzureAD/microsoft-identity-web/issues/3121), [3132](https://github.com/AzureAD/microsoft-identity-web/pull/3132).\n- Update to use .NET 9 GA. See [3127](https://github.com/AzureAD/microsoft-identity-web/issues/3127).\n\n## What's Changed\n* Add API and make ROPC call by @​neha-bhargava in https://github.com/AzureAD/microsoft-identity-web/pull/3103\n* Fixing the ROPC test that broke the build by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3133\n* Use AppHomeTenantId for acquiring app token when TenantId is not tenant by @​msbw2 in https://github.com/AzureAD/microsoft-identity-web/pull/3132\n* Add extensibility to update parameters for ROPC flow by @​neha-bhargava in https://github.com/AzureAD/microsoft-identity-web/pull/3130\n* Declare ROPC extensions in net 9 API by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3136\n* update dependencies to .net 9 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3141\n* Update the extensibility to add user by @​neha-bhargava in https://github.com/AzureAD/microsoft-identity-web/pull/3140\n* Update to .NET 9 GA. Update some test dependencies. by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3134\n* update playwright and remove net9.0 for UI tests by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3148\n* Update changelog 3.4.0. 
by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3149\n* update wilson post-release by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3150\n\n## New Contributors\n* @​neha-bhargava made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3103\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.3.1...3.4.0\n\n## 3.3.1\n\n3.3.1\n========\n- Updated to Microsoft.IdentityModel.* 8.2.0\n\n### Supportability\n- Added JSON schema support for Microsoft.Identity.Web configuration. This allows for schema validation in the `appsettings.json`, improving configuration accuracy and developer experience. To use it, add the following at the top of your appsettings.json:\n`\"$schema\": \"https://github.com/AzureAD/microsoft-identity-web/blob/master/JsonSchemas/microsoft-identity-web.json\"`\nThis update enhances the configuration process by providing clear structure and validation for settings used in Microsoft.Identity.Web. See PR [#​3119](https://github.com/AzureAD/microsoft-identity-web/pull/3119) for details.\n\n### Fundamentals\n- Fix a flaky test in the L1L2Cache tests. 
See PR [#​3122](https://github.com/AzureAD/microsoft-identity-web/pull/3122) for details.\n\n## What's Changed\n* Update changelog.md to fix release 3.2.2 which had a breaking change by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3116\n* Bump the notsecurity group with 19 updates by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3115\n* Adding a json schema for Microsoft.Identity.Web configuration by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3119\n* Fixed flaky tests by @​alexholub113 in https://github.com/AzureAD/microsoft-identity-web/pull/3122\n* Update changelog.md 3.3.1 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3123\n* Add Ask Mode Change Template by @​kellyyangsong in https://github.com/AzureAD/microsoft-identity-web/pull/3110\n\n## New Contributors\n* @​alexholub113 made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3122\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.3.0...3.3.1\n\n## 3.3.0\n\n3.3.0\n========\n- Updated to Microsoft.Identity.Client 4.66.0\n- Update system.Text.Json to 8.0.5 CVE-2024-43485\n- Updated to .NET 9 RC2\n \n### New features\n- Microsoft.Identity.Web token acquisition now provides an extensibility mechanism to enlight non-standard features. For details, see [#​2975](https://github.com/AzureAD/microsoft-identity-web/issues/2975)\n\n### Fundamentals\n- Split DownstreamApi methods between AoT compatible and incompatible methods by @​SaurabhMSFT in https://github.com/AzureAD/microsoft-identity-web/pull/3090\n- ASP.NET Core (and other) cross-link updates by @​guardrex in https://github.com/AzureAD/microsoft-identity-web/pull/3096. Thank you!\n- Onboarded to Threading Analyzers. 
For details, see [#​3052](https://github.com/AzureAD/microsoft-identity-web/issues/3052)\n- display code coverage as PR comments\n- Fix flaky EncryptionTestAsync on .NET 9.\n\n## What's Changed\n* Bump System.Text.Json from 8.0.4 to 8.0.5 in /tools/ConfigureGeneratedApplications by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3069\n* Bump Microsoft.Identity.Web.DownstreamApi, Microsoft.Extensions.Logging.Abstractions, System.Text.Json, System.Text.Encodings.Web, Microsoft.AspNetCore.DataProtection, System.Security.Cryptography.Xml, Microsoft.Extensions.Caching.Memory, Microsoft.Extensions.Logging, Microsoft.Extensions.DependencyInjection, System.Formats.Asn1, System.Security.Cryptography.Pkcs, Microsoft.Extensions.Configuration.Binder, Microsoft.Extensions.Configuration.EnvironmentVariables, Microsoft.Extensions.Configuration and Microsoft.Extensions.Options.ConfigurationExtensions by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3073\n* Bump Microsoft.Identity.Web.MicrosoftGraph, Microsoft.Extensions.Logging.Abstractions, System.Text.Json, System.Text.Encodings.Web, Microsoft.AspNetCore.DataProtection, System.Security.Cryptography.Xml, Microsoft.Extensions.Caching.Memory, Microsoft.Extensions.Logging, Microsoft.Extensions.DependencyInjection, System.Formats.Asn1, System.Security.Cryptography.Pkcs, Microsoft.Extensions.Configuration.Binder, Microsoft.Extensions.Configuration.EnvironmentVariables, Microsoft.Extensions.Configuration and Microsoft.Extensions.Options.ConfigurationExtensions by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3072\n* Bump Microsoft.Identity.Web, Microsoft.Extensions.Logging.Abstractions, System.Text.Json, System.Text.Encodings.Web, Microsoft.AspNetCore.DataProtection, System.Security.Cryptography.Xml, Microsoft.Extensions.Caching.Memory, Microsoft.Extensions.Logging, Microsoft.Extensions.DependencyInjection, System.Formats.Asn1, System.Security.Cryptography.Pkcs, 
Microsoft.Extensions.Configuration.Binder, Microsoft.Extensions.Configuration.EnvironmentVariables, Microsoft.Extensions.Configuration, Microsoft.Extensions.Configuration.Json, Microsoft.Extensions.Options.ConfigurationExtensions and Microsoft.Extensions.Hosting by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3070\n* update system.Text.Json to 8.0.5 CVE-2024-43485 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3074\n* another update by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3075\n* Onboard Id Web to Threading Analyzers by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3041\n* Update .NET 9 to RC 2 by @​msbw2 in https://github.com/AzureAD/microsoft-identity-web/pull/3082\n* Align editor config with other libraries by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3079\n* Fix reflection in MemoryCache tests to support both versions seen in .NET 9 RCs by @​msbw2 in https://github.com/AzureAD/microsoft-identity-web/pull/3085\n* Use nuget config file by @​SaurabhMSFT in https://github.com/AzureAD/microsoft-identity-web/pull/3083\n* Fix EncryptionTestAsync on .NET 9 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3088\n* Update GitHub Action to run unit tests by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3089\n* Update template-install-dependencies.yaml by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3092\n* Fix DevEx and IDDP builds by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3093\n* Mark IdWeb APIs as shipped by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3086\n* Update version by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3094\n* Split aot compatible and incompatible methods by @​SaurabhMSFT in https://github.com/AzureAD/microsoft-identity-web/pull/3090\n* ASP.NET Core (and other) cross-link 
updates by @​guardrex in https://github.com/AzureAD/microsoft-identity-web/pull/3096\n* update to MSAL 4.66 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3095\n* Remove swagger dependencies by @​msbw2 in https://github.com/AzureAD/microsoft-identity-web/pull/3099\n* Upgrade versions by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3098\n* Upgrading MSAL version by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3104\n* Grouping Dependabot Updates by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3105\n* Microsoft.Identity.Web token acquisition extensions by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3005\n* display code coverage as PR comments by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3107\n* Use Nuget config file by @​SaurabhMSFT in https://github.com/AzureAD/microsoft-identity-web/pull/3112\n* Update changelog.md for 3.3.0 by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3113\n\n## New Contributors\n* @​guardrex made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3096\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.2.2...3.3.0\n\n## 3.2.2\n\n3.2.2\n=========\n- Updated to Microsoft.IdentityModel.* 8.1.2\n\n## 3.2.1\n\n3.2.1\n=========\n- Updated to Microsoft.IdentityModel.* 8.1.1\n\n## What's Changed\n* update id web after releases by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3035\n* update net 9 version to rc 1 in build script by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3036\n* add disable discover enumeration = true for theory tests by @​kellyyangsong in https://github.com/AzureAD/microsoft-identity-web/pull/3042\n* Bump Microsoft.Identity.Client from 4.64.1 to 4.65.0 by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3040\n* Removed 
ConfigureAwait(false) from flaky tests by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3045\n* removed ConfigureAwait(false) from all tests by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3051\n* 3.2.1 Changelog by @​kellyyangsong in https://github.com/AzureAD/microsoft-identity-web/pull/3054\n* update xunit versions by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3053\n* IdentityModel 8.1.1 update by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3056\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.2.0...3.2.1\n\n## 3.2.0\n\n3.2.0\n=========\n- Updated to Microsoft.Identity.Abstractions 7.1.0\n- Updated to Microsoft.IdentityModel.* 8.1.0\n- Updated to Microsoft.Identity.Client 4.64.1\n \n### New ....\n\n_Description has been truncated_","html_url":"https://github.com/Azure-Samples/ms-identity-docs-code-dotnet/pull/121","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Azure-Samples%2Fms-identity-docs-code-dotnet/issues/121","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/121/packages"}},{"old_version":"3.14.1","new_version":"4.9.0","update_type":"major","path":null,"pr_created_at":"2026-05-04T09:58:36.000Z","version_change":"3.14.1 → 4.9.0","issue":{"uuid":"4375596024","node_id":"PR_kwDOMbHfec7X9Pbo","number":116,"state":"closed","title":"Bump Microsoft.Identity.Web from 3.14.1 to 
4.9.0","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-06-02T01:28:54.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-04T09:58:36.000Z","updated_at":"2026-06-02T01:28:56.000Z","time_to_close":2475018,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.Identity.Web","old_version":"3.14.1","new_version":"4.9.0","repository_url":"https://github.com/AzureAD/microsoft-identity-web"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web) from 3.14.1 to 4.9.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.Identity.Web's releases](https://github.com/AzureAD/microsoft-identity-web/releases)._\n\n## 4.9.0\n\n### New features\n- **Sidecar: per-route override gating.** New `Sidecar:AllowOverrides` configuration section provides explicit, per-route control over whether `optionsOverride.*` query-string parameters are honored. Authenticated routes default to allowing overrides (preserving existing behavior); unauthenticated routes default to rejecting them. `optionsOverride.BaseUrl` is unconditionally rejected on all routes as a hardening measure. See [#​3794](https://github.com/AzureAD/microsoft-identity-web/pull/3794).\n\n### Bug fixes\n- Fix `AccountController.Challenge` redirect URI validation to reject percent-encoded protocol-relative bypasses (`%2F%2F`, `%5C%2F`, etc.) that could be decoded by misconfigured reverse proxies. 
See [#​3792](https://github.com/AzureAD/microsoft-identity-web/pull/3792).\n\n### Behavior changes\n- **DownstreamApi: reserved header filtering.** Headers supplied via `DownstreamApiOptions.ExtraHeaderParameters` whose names match reserved HTTP headers (`Authorization`, `Host`, `Content-Length`, `Proxy-Authorization`, `Sec-*`, `Proxy-*`, etc.) or duplicate a header the library already set are now silently skipped. A warning-level log entry (`ReservedHeaderIgnored` / `DuplicateHeaderIgnored`) is emitted so operators can spot misconfigurations. No exception is thrown. See [#​3793](https://github.com/AzureAD/microsoft-identity-web/pull/3793).\n\n### Dependencies updates\n- **Update Azure.Identity 1.11.4 → 1.17.2 and establish Microsoft.Extensions.\\* 8.0.x minimum on older TFMs.** Azure.Identity 1.17.2 (sovereign-cloud fixes) pulls in Azure.Core 1.50.0, which introduces a transitive dependency on `Microsoft.Extensions.DependencyInjection.Abstractions` 8.0.2 on non-framework-coupled TFMs (net462, net472, netstandard2.0). This caused a `CS0433` type collision with the previously-pinned `Microsoft.Extensions.DependencyInjection` 2.1.0. Rather than patch individual packages, the entire `Microsoft.Extensions.*` stack on these older TFMs has been bumped to 8.0.x, closing several 5-year version gaps and aligning with the net8.0 baseline. **If your application targets net462, net472, or netstandard2.0**, your resolved `Microsoft.Extensions.*` versions will increase (e.g., `Extensions.Http` 3.1.3 → 8.0.0, `Extensions.DependencyInjection` 2.1.0 → 8.0.0, `Extensions.Caching.Memory` 2.1.0/6.0.2 → 8.0.1). Applications already targeting net8.0+ are unaffected. See [#​3787](https://github.com/AzureAD/microsoft-identity-web/pull/3787).\n- Bump `System.Text.Json` 8.0.5 → 8.0.6 (CVE-2024-43485). See [#​3787](https://github.com/AzureAD/microsoft-identity-web/pull/3787).\n- Bump `Microsoft.AspNetCore.DataProtection` to 10.0.7 for CVE fix on net10.0. 
See [#​3796](https://github.com/AzureAD/microsoft-identity-web/pull/3796).\n- Bump `OpenTelemetry.Exporter.OpenTelemetryProtocol` 1.14.0 → 1.15.3. See [#​3788](https://github.com/AzureAD/microsoft-identity-web/pull/3788).\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.8.0...4.9.0\n\n## 4.8.0\n\n## What's Changed\n* Bump flatted from 3.3.3 to 3.4.2 in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3753\n* Update changelog.md for ID.Web 4.6.0 by @​bgavrilMS in https://github.com/AzureAD/microsoft-identity-web/pull/3756\n* Add token binding to MicrosoftIdentityMessageHandler by @​cpp11nullptr in https://github.com/AzureAD/microsoft-identity-web/pull/3743\n* Bump picomatch in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3759\n* Documentation: Clarify managed identity credential types for containerized vs. VM/App Service deployments by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3585\n* Bump path-to-regexp from 8.3.0 to 8.4.0 in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3762\n* Upgrade Microsoft Application Insights packages by @​RojaEnnam in https://github.com/AzureAD/microsoft-identity-web/pull/3763\n* Use Abstractions 12 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3761\n* Post-4.7.0 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3768\n* Fix Comp Gov DOTNET-Security-10.0 by @​reginayap8 in https://github.com/AzureAD/microsoft-identity-web/pull/3769\n* Upgrade CodeQL to V4: Fix 10 CodeQL Analysis Warnings and Errors by @​reginayap8 in https://github.com/AzureAD/microsoft-identity-web/pull/3770\n* fix warnings by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3771\n* adding examples for using postgres as a distributed 
cache by @​JaredMSFT in https://github.com/AzureAD/microsoft-identity-web/pull/3766\n* Suppress AOT configuration-binding SYSLIB warnings in AotCompatibility test app by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3774\n* Bump vite from 7.1.11 to 7.3.2 in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3772\n* Skip legacy B2C local-account Todo UI test in WebAppUiTests by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3778\n* Fix initialization of ConfidentialClientApplicationOptions in MergedOptions by @​cpp11nullptr in https://github.com/AzureAD/microsoft-identity-web/pull/3760\n* Bump net8/net9/net10 runtime package baselines to patched crypto servicing versions by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3779\n* Fix flaky certificate test failures on CI by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3780\n* MTLS Without Tokens Support by @​tlupes in https://github.com/AzureAD/microsoft-identity-web/pull/3747\n* Fix CredentialsProvider DI lifetime mismatch causing startup crash in Development by @​Avery-Dunn in https://github.com/AzureAD/microsoft-identity-web/pull/3783\n* Remove unused DataProtection configuration from Sidecar by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3776\n\n## New Contributors\n* @​RojaEnnam made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3763\n* @​reginayap8 made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3769\n* @​JaredMSFT made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3766\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.6.0...4.8.0\n\n## 4.7.0\n\n## 4.7.0\n\n### Bug fixes\n- Updates to Microsoft.Identity.Abstractions 12.0.0 to revert breaking changes introduced in Abstractions 11.0.0. 
(On .NET 10 target, `Certificate` extension method in `CredentialDescription` was reverted to normal property.) See [#​3767](https://github.com/AzureAD/microsoft-identity-web/pull/3767).\n\n## 4.6.0\n\n## What's Changed\n\n* Move boilerplate code skills to IdWeb, and add Aspire DevApp demonstrating Blazor authentication components by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3721\n* Bump MSAL to 4.83.1 and re-enable Managed Identity CAE tests by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3746\n* Bump Abstractions to 11.2 by @​bgavrilMS in https://github.com/AzureAD/microsoft-identity-web/pull/3749\n* Update documentation to reference Blazor helpers from Microsoft.Identity.Web package by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3723\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.5.0...4.6.0\n\n## 4.5.0\n\n### New features\n- Add support for certificate store lookup by subject name. See [#​3742](https://github.com/AzureAD/microsoft-identity-web/pull/3742).\n\n### Dependencies updates\n- Bump minimatch in /tests/DevApps/SidecarAdapter/typescript. See [#​3739](https://github.com/AzureAD/microsoft-identity-web/pull/3739).\n- Bump rollup from 4.52.3 to 4.59.0 in /tests/DevApps/SidecarAdapter/typescript. See [#​3740](https://github.com/AzureAD/microsoft-identity-web/pull/3740).\n\n## 4.4.0\n\n### New features\n- Add AOT-compatible web API authentication for .NET 10+. See [#​3705](https://github.com/AzureAD/microsoft-identity-web/pull/3705) and [#​3664](https://github.com/AzureAD/microsoft-identity-web/pull/3664).\n- Propagate long-running web API session key back to callers in user token acquisition. See [#​3728](https://github.com/AzureAD/microsoft-identity-web/pull/3728).\n- Add OBO event initialization for OBO APIs. 
See [#​3724](https://github.com/AzureAD/microsoft-identity-web/pull/3724).\n- Add support for calling `WithClientClaims` flow for token acquisition. See [#​3623](https://github.com/AzureAD/microsoft-identity-web/pull/3623).\n- Add `OnBeforeTokenAcquisitionForOnBehalfOf` event. See [#​3680](https://github.com/AzureAD/microsoft-identity-web/pull/3680).\n\n### Bug fixes\n- Throw `InvalidOperationException` with actionable message when a custom credential is not registered. See [#​3626](https://github.com/AzureAD/microsoft-identity-web/pull/3626).\n- Fix event firing for `InvokeOnBeforeTokenAcquisitionForOnBehalfOfAsync`. See [#​3717](https://github.com/AzureAD/microsoft-identity-web/pull/3717).\n- Update `OnBeforeTokenAcquisitionForOnBehalfOf` to construct `ClaimsPrincipal` from token. See [#​3714](https://github.com/AzureAD/microsoft-identity-web/pull/3714).\n- Add a retry counter for acquire token and updated tests with a fake secret. See [#​3682](https://github.com/AzureAD/microsoft-identity-web/pull/3682).\n- Fix OBO user error handling. See [#​3712](https://github.com/AzureAD/microsoft-identity-web/pull/3712).\n- Fix override merging for app token (and others). See [#​3644](https://github.com/AzureAD/microsoft-identity-web/pull/3644).\n- Fix certificate reload logic to only trigger on certificate-specific errors. See [#​3653](https://github.com/AzureAD/microsoft-identity-web/pull/3653).\n- Update ROPC flow CCA to pass `SendX5C` to MSAL. See [#​3671](https://github.com/AzureAD/microsoft-identity-web/pull/3671).\n\n### Dependencies updates\n- Bump `qs` in `/tests/DevApps/SidecarAdapter/typescript`. See [#​3725](https://github.com/AzureAD/microsoft-identity-web/pull/3725).\n- Downgrade Microsoft.Extensions.Configuration.Binder to 2.1.0 on .NET Framework. See [#​3730](https://github.com/AzureAD/microsoft-identity-web/pull/3730).\n- Update .NET SDK to 10.0.103 to address DOTNET-Security-10.0 vulnerability. 
See [#​3726](https://github.com/AzureAD/microsoft-identity-web/pull/3726).\n- Upgrade to Microsoft.Identity.Abstractions 11 for AoT compatibility. See [#​3699](https://github.com/AzureAD/microsoft-identity-web/pull/3699).\n- Update to MSAL 4.81.0. See [#​3665](https://github.com/AzureAD/microsoft-identity-web/pull/3665).\n\n### Documentation\n- Add documentation for auto-generated session key for long-running OBO session. See [#​3729](https://github.com/AzureAD/microsoft-identity-web/pull/3729).\n- Improve the Aspire doc article and skills. See [#​3695](https://github.com/AzureAD/microsoft-identity-web/pull/3695).\n- Add an article and agent skill to add Entra ID to an Aspire app. See [#​3689](https://github.com/AzureAD/microsoft-identity-web/pull/3689).\n- Fix misleading comment in `CertificatelessOptions.ManagedIdentityClientId`. See [#​3667](https://github.com/AzureAD/microsoft-identity-web/pull/3667).\n- Add Copilot explore tool functionality. See [#​3694](https://github.com/AzureAD/microsoft-identity-web/pull/3694).\n\n### Fundamentals\n- Remove unnecessary warning suppression. See [#​3715](https://github.com/AzureAD/microsoft-identity-web/pull/3715).\n- Migrate labs to Lab.API 2.x (first pass). See [#​3710](https://github.com/AzureAD/microsoft-identity-web/pull/3710).\n- Update Sidecar E2E test constants. See [#​3693](https://github.com/AzureAD/microsoft-identity-web/pull/3693).\n- Fix intermittent failures in `CertificatesObserverTests`. See [#​3687](https://github.com/AzureAD/microsoft-identity-web/pull/3687).\n- Add validation baseline exclusions. See [#​3684](https://github.com/AzureAD/microsoft-identity-web/pull/3684).\n- Add dSTS integration tests. See [#​3677](https://github.com/AzureAD/microsoft-identity-web/pull/3677).\n- Fix FIC test. See [#​3663](https://github.com/AzureAD/microsoft-identity-web/pull/3663).\n- Update IdentityWeb version, build logic, and validation. 
See [#​3659](https://github.com/AzureAD/microsoft-identity-web/pull/3659).\n\n### New Contributors\n* @​XiaoxinMS2 made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3677\n* @​RyAuld made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3687\n* @​agocke made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3664\n* @​MZOLN made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3700\n* @​christian-posta made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3644\n* @​4gust made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3682\n* @​rayluo made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3714\n\n## 4.4.0-preview.1\n\n### New features\n- Add AOT-compatible web API authentication for .NET 10+. See [#​3705](https://github.com/AzureAD/microsoft-identity-web/pull/3705) and [#​3664](https://github.com/AzureAD/microsoft-identity-web/pull/3664).\n- Propagate long-running web API session key back to callers in user token acquisition. See [#​3728](https://github.com/AzureAD/microsoft-identity-web/pull/3728).\n- Add OBO event initialization for OBO APIs. See [#​3724](https://github.com/AzureAD/microsoft-identity-web/pull/3724).\n- Add support for calling `WithClientClaims` flow for token acquisition. See [#​3623](https://github.com/AzureAD/microsoft-identity-web/pull/3623).\n- Add `OnBeforeTokenAcquisitionForOnBehalfOf` event. See [#​3680](https://github.com/AzureAD/microsoft-identity-web/pull/3680).\n\n### Bug fixes\n- Throw `InvalidOperationException` with actionable message when a custom credential is not registered. See [#​3626](https://github.com/AzureAD/microsoft-identity-web/pull/3626).\n- Fix event firing for `InvokeOnBeforeTokenAcquisitionForOnBehalfOfAsync`. 
See [#​3717](https://github.com/AzureAD/microsoft-identity-web/pull/3717).\n- Update `OnBeforeTokenAcquisitionForOnBehalfOf` to construct `ClaimsPrincipal` from token. See [#​3714](https://github.com/AzureAD/microsoft-identity-web/pull/3714).\n- Add a retry counter for acquire token and updated tests with a fake secret. See [#​3682](https://github.com/AzureAD/microsoft-identity-web/pull/3682).\n- Fix OBO user error handling. See [#​3712](https://github.com/AzureAD/microsoft-identity-web/pull/3712).\n- Fix override merging for app token (and others). See [#​3644](https://github.com/AzureAD/microsoft-identity-web/pull/3644).\n- Fix certificate reload logic to only trigger on certificate-specific errors. See [#​3653](https://github.com/AzureAD/microsoft-identity-web/pull/3653).\n- Update ROPC flow CCA to pass `SendX5C` to MSAL. See [#​3671](https://github.com/AzureAD/microsoft-identity-web/pull/3671).\n\n### Dependencies updates\n- Bump `qs` in `/tests/DevApps/SidecarAdapter/typescript`. See [#​3725](https://github.com/AzureAD/microsoft-identity-web/pull/3725).\n- Downgrade Microsoft.Extensions.Configuration.Binder to 2.1.0 on .NET Framework. See [#​3730](https://github.com/AzureAD/microsoft-identity-web/pull/3730).\n- Update .NET SDK to 10.0.103 to address DOTNET-Security-10.0 vulnerability. See [#​3726](https://github.com/AzureAD/microsoft-identity-web/pull/3726).\n- Upgrade to Microsoft.Identity.Abstractions 11 for AoT compatibility. See [#​3699](https://github.com/AzureAD/microsoft-identity-web/pull/3699).\n- Update to MSAL 4.81.0. See [#​3665](https://github.com/AzureAD/microsoft-identity-web/pull/3665).\n\n### Documentation\n- Add documentation for auto-generated session key for long-running OBO session. See [#​3729](https://github.com/AzureAD/microsoft-identity-web/pull/3729).\n- Improve the Aspire doc article and skills. 
See [#​3695](https://github.com/AzureAD/microsoft-identity-web/pull/3695).\n- Add an article and agent skill to add Entra ID to an Aspire app. See [#​3689](https://github.com/AzureAD/microsoft-identity-web/pull/3689).\n- Fix misleading comment in `CertificatelessOptions.ManagedIdentityClientId`. See [#​3667](https://github.com/AzureAD/microsoft-identity-web/pull/3667).\n- Add Copilot explore tool functionality. See [#​3694](https://github.com/AzureAD/microsoft-identity-web/pull/3694).\n\n### Fundamentals\n- Remove unnecessary warning suppression. See [#​3715](https://github.com/AzureAD/microsoft-identity-web/pull/3715).\n- Migrate labs to Lab.API 2.x (first pass). See [#​3710](https://github.com/AzureAD/microsoft-identity-web/pull/3710).\n- Update Sidecar E2E test constants. See [#​3693](https://github.com/AzureAD/microsoft-identity-web/pull/3693).\n- Fix intermittent failures in `CertificatesObserverTests`. See [#​3687](https://github.com/AzureAD/microsoft-identity-web/pull/3687).\n- Add validation baseline exclusions. See [#​3684](https://github.com/AzureAD/microsoft-identity-web/pull/3684).\n- Add dSTS integration tests. See [#​3677](https://github.com/AzureAD/microsoft-identity-web/pull/3677).\n- Fix FIC test. See [#​3663](https://github.com/AzureAD/microsoft-identity-web/pull/3663).\n- Update IdentityWeb version, build logic, and validation. See [#​3659](https://github.com/AzureAD/microsoft-identity-web/pull/3659).\n\n## 4.3.0\n\n### New features\n- Added token binding (mTLS PoP) scenario for confidential client (app-only) token acquisition and downstream API calls. See [#​3622](https://github.com/AzureAD/microsoft-identity-web/pull/3622).\n\n### Dependencies updates\n- Bumped **qs** from 6.14.0 to 6.14.1 in /tests/DevApps/SidecarAdapter/typescript. 
See [#​3660](https://github.com/AzureAD/microsoft-identity-web/pull/3660).\n\n### Documentation\n- Modernized Identity Web documentation, which can now be found in [docs](https://github.com/AzureAD/microsoft-identity-web/tree/master/docs). See [#​3566](https://github.com/AzureAD/microsoft-identity-web/pull/3566).\n- Added token binding (mTLS PoP) documentation. See [#​3661](https://github.com/AzureAD/microsoft-identity-web/pull/3661).\n\n## 4.2.0\n\n# What's Changed\n\n## New features\n\n- Added CAE claims support for FIC + Managed Identity. See #​3647 for details.\n- Added AddMicrosoftIdentityMessageHandler extension methods for IHttpClientBuilder. See #​3649 for details.\n\n## Bug fixes\n\n\n- Fixed tenant not being propagated in credential FIC acquisition. See #​3633 for details.\n- Fixed ForAgentIdentity hardcoded 'AzureAd' ConfigurationSection to respect AuthenticationOptionsName. See #​3635 for details.\n- Fixed GetTokenAcquirer to propagate MicrosoftEntraApplicationOptions properties. See #​3651 for details.\n- Added meaningful error message when identity configuration is missing. See #​3637 for details.\n\n## Dependencies updates\n\n- Update Microsoft.Identity.Abstractions to version 10.0.0.\n- Bump express from 5.1.0 to 5.2.0 in /tests/DevApps/SidecarAdapter/typescript. #​3636\n- Bump jws from 3.2.2 to 3.2.3 in /tests/DevApps/SidecarAdapter/typescript. #​3641\n\n## Fundamentals\n\n- Update support policy. #​3656\n- Update agent identity coordinates in E2E tests after deauth. #​3640\n- Update E2E agent identity configuration to new tenant. #​3646\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.1.1...4.2.0\n\n## 4.1.1\n\n### Bug fixes\n- Authority-only configuration parsing improvements: Early parsing of Authority into Instance/TenantId and defensive fallback in PrepareAuthorityInstanceForMsal. 
Behavior is backward compatible; Authority is still ignored when Instance/TenantId explicitly provided—now surfaced via a warning. See [#​3612](https://github.com/AzureAD/microsoft-identity-web/issues/3612).\n\n### New features\n- Added warning diagnostics for conflicting Authority vs Instance/TenantId: Emitting a single structured warning when both styles are provided. See [#​3611](https://github.com/AzureAD/microsoft-identity-web/issues/3611).\n\n### Fundamentals\n- Expanded authority test matrix: Coverage for AAD (v1/v2), B2C (/tfp/ normalization, policy path), CIAM (PreserveAuthority), query parameters, scheme-less forms, and conflict scenarios. See [#​3610](https://github.com/AzureAD/microsoft-identity-web/issues/3610).\n\n## 4.1.0\n\n### New features\n- Migrate to .NET 10 GA. [#​3449](https://github.com/AzureAD/microsoft-identity-web/pull/3449) and [#​3590](https://github.com/AzureAD/microsoft-identity-web/pull/3590)\n\n### Dependencies updates\n- Bump MSAL.NET to version [4.79.2](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/releases/tag/4.79.2) and handle changes to deprecated WithExtraQueryParameters APIs. [#​3583](https://github.com/AzureAD/microsoft-identity-web/pull/3583)\n- Update Microsoft.IdentityModel and Abstractions versions. [#​3604](https://github.com/AzureAD/microsoft-identity-web/pull/3604)\n- Update coverlet.collector to 6.0.4. [#​3587](https://github.com/AzureAD/microsoft-identity-web/pull/3587)\n- Update package validation baseline version to 4.0.0. [#​3589](https://github.com/AzureAD/microsoft-identity-web/pull/3589)\n- Bump js-yaml from 4.1.0 to 4.1.1 in /tests/DevApps/SidecarAdapter/typescript. [#​3595](https://github.com/AzureAD/microsoft-identity-web/pull/3595)\n\n### Entra ID SDK sidecar\n- Restrict hosts to localhost for sidecar. [#​3579](https://github.com/AzureAD/microsoft-identity-web/pull/3579)\n- Update http file to match endpoints. 
[#​3555](https://github.com/AzureAD/microsoft-identity-web/pull/3555)\n- Revise sidecar issue template for Entra ID. [#​3577](https://github.com/AzureAD/microsoft-identity-web/pull/3577)\n\n### Documentation\n- Update README to include Entra SDK container info. [#​3578](https://github.com/AzureAD/microsoft-identity-web/pull/3578)\n\n### Fundamentals\n- Include NET 9.0 in template-install-dependencies. [#​3593](https://github.com/AzureAD/microsoft-identity-web/pull/3593)\n- Fix CodeQL alerts. [#​3591](https://github.com/AzureAD/microsoft-identity-web/pull/3591)\n- Suppression file is needed. [#​3592](https://github.com/AzureAD/microsoft-identity-web/pull/3592)\n\n## 4.0.1\n\n## Bugs fixes\n* Correctly compute Application Key when credential usage fails.\n* Fix bugs where agent user identities didn't work with non-default authentication schemes.\n\n## Fundamentals\n* Update .net version to CG compliance \n\n## Sidecar\n* Configure Sidecar to default AllowWebApiToBeAuthorizedByACL to true as the container doesn't do authZ\n\n\n## 4.0.0\n\n4.0.0\n=========\n### Breaking Changes\n**Removed support for .NET 6.0 and .NET 7.0** - Microsoft Identity Web 4.0.0 no longer targets .NET 6.0 and .NET 7.0, following Microsoft's support lifecycle. The supported target frameworks are now .NET 8.0, .NET 9.0, .NET Framework 4.6.2, .NET Framework 4.7.2, and .NET Standard 2.0.\n\nSee [MIGRATION_GUIDE_V4](https://github.com/AzureAD/microsoft-identity-web/blob/master/MIGRATION_GUIDE_V4.md)\n\n\n### New features\n- Various improvements to performance logging, authentication, and credential loading capabilities.\n- Bumped MSAL.NET to 4.77.1\n- Added credential description extensibility. For details, see [#​3487](https://github.com/AzureAD/microsoft-identity-web/pull/3487)\n- Added a new CerticateObserverAction type: SuccessfullyUsed and support for multiple certificate observers for improved certificate lifecycle management and telemetry. 
See [#​3505](https://github.com/AzureAD/microsoft-identity-web/pull/3505)\n- Add specification of OID (in addition to upn) when requesting an authorization header for Agent User Identity. See [#​3513](https://github.com/AzureAD/microsoft-identity-web/pull/3513)\n- Added ClaimsPrincipal and ClaimsIdentity extension methods for agent identity detection in web APIs enabling developers to easily detect agent identities and retrieve parent agent blueprint from token claims. See [#​3515](https://github.com/AzureAD/microsoft-identity-web/pull/3515)\n- Added MicrosoftIdentityMessageHandler for flexible HttpClient authentication. Provides composable alternative to DownstreamApi with per-request authentication configuration. Supports WWW-Authenticate challenge handling. See [#​3503](https://github.com/AzureAD/microsoft-identity-web/pull/3503)\n- Support for multiple certificate observers. See [#​3506](https://github.com/AzureAD/microsoft-identity-web/pull/3506)\n- The Microsoft.Identity.Web.Sidecar will provide a container solution for validation and token acquisition in any-language. See [#​3524](https://github.com/AzureAD/microsoft-identity-web/pull/3524)\n\n### Bug Fixes\n- Fixed TokenAcquirerFactory null reference when AppContext.BaseDirectory is root path. See [#​3443](https://github.com/AzureAD/microsoft-identity-web/pull/3443)\n- Fixed IDW10405 error when using managed identity with common tenant. See [#​3415](https://github.com/AzureAD/microsoft-identity-web/pull/3415)\n- Removed hard dependency on IConfiguration in OidcIdpSignedAssertionLoader. See [#​3414](https://github.com/AzureAD/microsoft-identity-web/pull/3414)\n\n### Fundamentals\n- Various improvements to .NET support and dependency optimizations.\n- Added doc for Agent identities. See [Agent identities](src/Microsoft.Identity.Web.AgentIdentities/README.AgentIdentities.md)\n- Combined and fixed test collections. 
See [#​3472](https://github.com/AzureAD/microsoft-identity-web/pull/3472)\n- Migrate repository agent rules from .clinerules to agents.md. See [#​3475](https://github.com/AzureAD/microsoft-identity-web/pull/3475)\n- Add .NET 6.x setup step to dotnetcore.yml workflow, as the default build agents don't have it any longer. See [#​3489](https://github.com/AzureAD/microsoft-identity-web/pull/3489)\n- Renamed NET 7 tests to ThreadingTests for framework independence. See [#​3501](https://github.com/AzureAD/microsoft-identity-web/pull/3501)\n\n\nCommits viewable in [compare view](https://github.com/AzureAD/microsoft-identity-web/compare/3.1.4.1...4.9.0).\n\u003c/details\u003e\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Microsoft.Identity.Web\u0026package-manager=nuget\u0026previous-version=3.14.1\u0026new-version=4.9.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/microsoftgraph/msgraph-sample-copilot-plugin/pull/116","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/microsoftgraph%2Fmsgraph-sample-copilot-plugin/issues/116","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/116/packages"}},{"old_version":"4.6.0","new_version":"4.9.0","update_type":"minor","path":null,"pr_created_at":"2026-05-04T07:15:02.000Z","version_change":"4.6.0 → 4.9.0","issue":{"uuid":"4374652102","node_id":"PR_kwDOGO-JJ87X6HcI","number":5363,"state":"open","title":"nuget-external-id-backend: Bump Microsoft.Identity.Web from 4.6.0 to 4.9.0","user":"dependabot[bot]","labels":["dependencies","nuget","target: Entra ID External 
ID"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-04T07:15:02.000Z","updated_at":"2026-05-15T05:37:09.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"nuget-external-id-backend: Bump","packages":[{"name":"Microsoft.Identity.Web","old_version":"4.6.0","new_version":"4.9.0","repository_url":"https://github.com/AzureAD/microsoft-identity-web"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web) from 4.6.0 to 4.9.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.Identity.Web's releases](https://github.com/AzureAD/microsoft-identity-web/releases)._\n\n## 4.9.0\n\n### New features\n- **Sidecar: per-route override gating.** New `Sidecar:AllowOverrides` configuration section provides explicit, per-route control over whether `optionsOverride.*` query-string parameters are honored. Authenticated routes default to allowing overrides (preserving existing behavior); unauthenticated routes default to rejecting them. `optionsOverride.BaseUrl` is unconditionally rejected on all routes as a hardening measure. See [#​3794](https://github.com/AzureAD/microsoft-identity-web/pull/3794).\n\n### Bug fixes\n- Fix `AccountController.Challenge` redirect URI validation to reject percent-encoded protocol-relative bypasses (`%2F%2F`, `%5C%2F`, etc.) that could be decoded by misconfigured reverse proxies. See [#​3792](https://github.com/AzureAD/microsoft-identity-web/pull/3792).\n\n### Behavior changes\n- **DownstreamApi: reserved header filtering.** Headers supplied via `DownstreamApiOptions.ExtraHeaderParameters` whose names match reserved HTTP headers (`Authorization`, `Host`, `Content-Length`, `Proxy-Authorization`, `Sec-*`, `Proxy-*`, etc.) 
or duplicate a header the library already set are now silently skipped. A warning-level log entry (`ReservedHeaderIgnored` / `DuplicateHeaderIgnored`) is emitted so operators can spot misconfigurations. No exception is thrown. See [#​3793](https://github.com/AzureAD/microsoft-identity-web/pull/3793).\n\n### Dependencies updates\n- **Update Azure.Identity 1.11.4 → 1.17.2 and establish Microsoft.Extensions.\\* 8.0.x minimum on older TFMs.** Azure.Identity 1.17.2 (sovereign-cloud fixes) pulls in Azure.Core 1.50.0, which introduces a transitive dependency on `Microsoft.Extensions.DependencyInjection.Abstractions` 8.0.2 on non-framework-coupled TFMs (net462, net472, netstandard2.0). This caused a `CS0433` type collision with the previously-pinned `Microsoft.Extensions.DependencyInjection` 2.1.0. Rather than patch individual packages, the entire `Microsoft.Extensions.*` stack on these older TFMs has been bumped to 8.0.x, closing several 5-year version gaps and aligning with the net8.0 baseline. **If your application targets net462, net472, or netstandard2.0**, your resolved `Microsoft.Extensions.*` versions will increase (e.g., `Extensions.Http` 3.1.3 → 8.0.0, `Extensions.DependencyInjection` 2.1.0 → 8.0.0, `Extensions.Caching.Memory` 2.1.0/6.0.2 → 8.0.1). Applications already targeting net8.0+ are unaffected. See [#​3787](https://github.com/AzureAD/microsoft-identity-web/pull/3787).\n- Bump `System.Text.Json` 8.0.5 → 8.0.6 (CVE-2024-43485). See [#​3787](https://github.com/AzureAD/microsoft-identity-web/pull/3787).\n- Bump `Microsoft.AspNetCore.DataProtection` to 10.0.7 for CVE fix on net10.0. See [#​3796](https://github.com/AzureAD/microsoft-identity-web/pull/3796).\n- Bump `OpenTelemetry.Exporter.OpenTelemetryProtocol` 1.14.0 → 1.15.3. 
See [#​3788](https://github.com/AzureAD/microsoft-identity-web/pull/3788).\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.8.0...4.9.0\n\n## 4.8.0\n\n## What's Changed\n* Bump flatted from 3.3.3 to 3.4.2 in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3753\n* Update changelog.md for ID.Web 4.6.0 by @​bgavrilMS in https://github.com/AzureAD/microsoft-identity-web/pull/3756\n* Add token binding to MicrosoftIdentityMessageHandler by @​cpp11nullptr in https://github.com/AzureAD/microsoft-identity-web/pull/3743\n* Bump picomatch in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3759\n* Documentation: Clarify managed identity credential types for containerized vs. VM/App Service deployments by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3585\n* Bump path-to-regexp from 8.3.0 to 8.4.0 in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3762\n* Upgrade Microsoft Application Insights packages by @​RojaEnnam in https://github.com/AzureAD/microsoft-identity-web/pull/3763\n* Use Abstractions 12 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3761\n* Post-4.7.0 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3768\n* Fix Comp Gov DOTNET-Security-10.0 by @​reginayap8 in https://github.com/AzureAD/microsoft-identity-web/pull/3769\n* Upgrade CodeQL to V4: Fix 10 CodeQL Analysis Warnings and Errors by @​reginayap8 in https://github.com/AzureAD/microsoft-identity-web/pull/3770\n* fix warnings by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3771\n* adding examples for using postgres as a distributed cache by @​JaredMSFT in https://github.com/AzureAD/microsoft-identity-web/pull/3766\n* Suppress AOT configuration-binding SYSLIB warnings in 
AotCompatibility test app by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3774\n* Bump vite from 7.1.11 to 7.3.2 in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3772\n* Skip legacy B2C local-account Todo UI test in WebAppUiTests by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3778\n* Fix initialization of ConfidentialClientApplicationOptions in MergedOptions by @​cpp11nullptr in https://github.com/AzureAD/microsoft-identity-web/pull/3760\n* Bump net8/net9/net10 runtime package baselines to patched crypto servicing versions by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3779\n* Fix flaky certificate test failures on CI by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3780\n* MTLS Without Tokens Support by @​tlupes in https://github.com/AzureAD/microsoft-identity-web/pull/3747\n* Fix CredentialsProvider DI lifetime mismatch causing startup crash in Development by @​Avery-Dunn in https://github.com/AzureAD/microsoft-identity-web/pull/3783\n* Remove unused DataProtection configuration from Sidecar by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3776\n\n## New Contributors\n* @​RojaEnnam made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3763\n* @​reginayap8 made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3769\n* @​JaredMSFT made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3766\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.6.0...4.8.0\n\n## 4.7.0\n\n## 4.7.0\n\n### Bug fixes\n- Updates to Microsoft.Identity.Abstractions 12.0.0 to revert breaking changes introduced in Abstractions 11.0.0. (On .NET 10 target, `Certificate` extension method in `CredentialDescription` was reverted to normal property.) 
See [#​3767](https://github.com/AzureAD/microsoft-identity-web/pull/3767).\n\nCommits viewable in [compare view](https://github.com/AzureAD/microsoft-identity-web/compare/4.6.0...4.9.0).\n\u003c/details\u003e","html_url":"https://github.com/AlesInfiny/maris/pull/5363","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/AlesInfiny%2Fmaris/issues/5363","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/5363/packages"}},{"old_version":null,"new_version":null,"update_type":null,"path":null,"pr_created_at":"2026-05-02T03:33:02.000Z","version_change":null,"issue":{"uuid":"4367765616","node_id":"PR_kwDOC4rwTc7XlilJ","number":1584,"state":"open","title":"Bump Microsoft.Identity.Web and Microsoft.Identity.Web.UI","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":["berviantoleo"],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-02T03:33:02.000Z","updated_at":"2026-05-17T23:21:28.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.Identity.Web","repository_url":"https://github.com/AzureAD/microsoft-identity-web"},{"name":"Microsoft.Identity.Web.UI","repository_url":"https://github.com/AzureAD/microsoft-identity-web"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web) from 4.7.0 to 4.9.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.Identity.Web's releases](https://github.com/AzureAD/microsoft-identity-web/releases)._\n\n## 4.9.0\n\n### New features\n- **Sidecar: per-route override gating.** New `Sidecar:AllowOverrides` configuration section provides explicit, per-route control over whether `optionsOverride.*` query-string parameters are honored. 
Authenticated routes default to allowing overrides (preserving existing behavior); unauthenticated routes default to rejecting them. `optionsOverride.BaseUrl` is unconditionally rejected on all routes as a hardening measure. See [#​3794](https://github.com/AzureAD/microsoft-identity-web/pull/3794).\n\n### Bug fixes\n- Fix `AccountController.Challenge` redirect URI validation to reject percent-encoded protocol-relative bypasses (`%2F%2F`, `%5C%2F`, etc.) that could be decoded by misconfigured reverse proxies. See [#​3792](https://github.com/AzureAD/microsoft-identity-web/pull/3792).\n\n### Behavior changes\n- **DownstreamApi: reserved header filtering.** Headers supplied via `DownstreamApiOptions.ExtraHeaderParameters` whose names match reserved HTTP headers (`Authorization`, `Host`, `Content-Length`, `Proxy-Authorization`, `Sec-*`, `Proxy-*`, etc.) or duplicate a header the library already set are now silently skipped. A warning-level log entry (`ReservedHeaderIgnored` / `DuplicateHeaderIgnored`) is emitted so operators can spot misconfigurations. No exception is thrown. See [#​3793](https://github.com/AzureAD/microsoft-identity-web/pull/3793).\n\n### Dependencies updates\n- **Update Azure.Identity 1.11.4 → 1.17.2 and establish Microsoft.Extensions.\\* 8.0.x minimum on older TFMs.** Azure.Identity 1.17.2 (sovereign-cloud fixes) pulls in Azure.Core 1.50.0, which introduces a transitive dependency on `Microsoft.Extensions.DependencyInjection.Abstractions` 8.0.2 on non-framework-coupled TFMs (net462, net472, netstandard2.0). This caused a `CS0433` type collision with the previously-pinned `Microsoft.Extensions.DependencyInjection` 2.1.0. Rather than patch individual packages, the entire `Microsoft.Extensions.*` stack on these older TFMs has been bumped to 8.0.x, closing several 5-year version gaps and aligning with the net8.0 baseline. 
**If your application targets net462, net472, or netstandard2.0**, your resolved `Microsoft.Extensions.*` versions will increase (e.g., `Extensions.Http` 3.1.3 → 8.0.0, `Extensions.DependencyInjection` 2.1.0 → 8.0.0, `Extensions.Caching.Memory` 2.1.0/6.0.2 → 8.0.1). Applications already targeting net8.0+ are unaffected. See [#​3787](https://github.com/AzureAD/microsoft-identity-web/pull/3787).\n- Bump `System.Text.Json` 8.0.5 → 8.0.6 (CVE-2024-43485). See [#​3787](https://github.com/AzureAD/microsoft-identity-web/pull/3787).\n- Bump `Microsoft.AspNetCore.DataProtection` to 10.0.7 for CVE fix on net10.0. See [#​3796](https://github.com/AzureAD/microsoft-identity-web/pull/3796).\n- Bump `OpenTelemetry.Exporter.OpenTelemetryProtocol` 1.14.0 → 1.15.3. See [#​3788](https://github.com/AzureAD/microsoft-identity-web/pull/3788).\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.8.0...4.9.0\n\n## 4.8.0\n\n## What's Changed\n* Bump flatted from 3.3.3 to 3.4.2 in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3753\n* Update changelog.md for ID.Web 4.6.0 by @​bgavrilMS in https://github.com/AzureAD/microsoft-identity-web/pull/3756\n* Add token binding to MicrosoftIdentityMessageHandler by @​cpp11nullptr in https://github.com/AzureAD/microsoft-identity-web/pull/3743\n* Bump picomatch in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3759\n* Documentation: Clarify managed identity credential types for containerized vs. 
VM/App Service deployments by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3585\n* Bump path-to-regexp from 8.3.0 to 8.4.0 in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3762\n* Upgrade Microsoft Application Insights packages by @​RojaEnnam in https://github.com/AzureAD/microsoft-identity-web/pull/3763\n* Use Abstractions 12 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3761\n* Post-4.7.0 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3768\n* Fix Comp Gov DOTNET-Security-10.0 by @​reginayap8 in https://github.com/AzureAD/microsoft-identity-web/pull/3769\n* Upgrade CodeQL to V4: Fix 10 CodeQL Analysis Warnings and Errors by @​reginayap8 in https://github.com/AzureAD/microsoft-identity-web/pull/3770\n* fix warnings by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3771\n* adding examples for using postgres as a distributed cache by @​JaredMSFT in https://github.com/AzureAD/microsoft-identity-web/pull/3766\n* Suppress AOT configuration-binding SYSLIB warnings in AotCompatibility test app by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3774\n* Bump vite from 7.1.11 to 7.3.2 in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3772\n* Skip legacy B2C local-account Todo UI test in WebAppUiTests by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3778\n* Fix initialization of ConfidentialClientApplicationOptions in MergedOptions by @​cpp11nullptr in https://github.com/AzureAD/microsoft-identity-web/pull/3760\n* Bump net8/net9/net10 runtime package baselines to patched crypto servicing versions by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3779\n* Fix flaky certificate test failures on CI by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3780\n* MTLS 
Without Tokens Support by @​tlupes in https://github.com/AzureAD/microsoft-identity-web/pull/3747\n* Fix CredentialsProvider DI lifetime mismatch causing startup crash in Development by @​Avery-Dunn in https://github.com/AzureAD/microsoft-identity-web/pull/3783\n* Remove unused DataProtection configuration from Sidecar by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3776\n\n## New Contributors\n* @​RojaEnnam made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3763\n* @​reginayap8 made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3769\n* @​JaredMSFT made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3766\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.6.0...4.8.0\n\nCommits viewable in [compare view](https://github.com/AzureAD/microsoft-identity-web/compare/4.7.0...4.9.0).\n\u003c/details\u003e\n\nUpdated [Microsoft.Identity.Web.UI](https://github.com/AzureAD/microsoft-identity-web) from 4.7.0 to 4.9.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.Identity.Web.UI's releases](https://github.com/AzureAD/microsoft-identity-web/releases)._\n\n## 4.9.0\n\n### New features\n- **Sidecar: per-route override gating.** New `Sidecar:AllowOverrides` configuration section provides explicit, per-route control over whether `optionsOverride.*` query-string parameters are honored. Authenticated routes default to allowing overrides (preserving existing behavior); unauthenticated routes default to rejecting them. `optionsOverride.BaseUrl` is unconditionally rejected on all routes as a hardening measure. See [#​3794](https://github.com/AzureAD/microsoft-identity-web/pull/3794).\n\n### Bug fixes\n- Fix `AccountController.Challenge` redirect URI validation to reject percent-encoded protocol-relative bypasses (`%2F%2F`, `%5C%2F`, etc.) 
that could be decoded by misconfigured reverse proxies. See [#​3792](https://github.com/AzureAD/microsoft-identity-web/pull/3792).\n\n### Behavior changes\n- **DownstreamApi: reserved header filtering.** Headers supplied via `DownstreamApiOptions.ExtraHeaderParameters` whose names match reserved HTTP headers (`Authorization`, `Host`, `Content-Length`, `Proxy-Authorization`, `Sec-*`, `Proxy-*`, etc.) or duplicate a header the library already set are now silently skipped. A warning-level log entry (`ReservedHeaderIgnored` / `DuplicateHeaderIgnored`) is emitted so operators can spot misconfigurations. No exception is thrown. See [#​3793](https://github.com/AzureAD/microsoft-identity-web/pull/3793).\n\n### Dependencies updates\n- **Update Azure.Identity 1.11.4 → 1.17.2 and establish Microsoft.Extensions.\\* 8.0.x minimum on older TFMs.** Azure.Identity 1.17.2 (sovereign-cloud fixes) pulls in Azure.Core 1.50.0, which introduces a transitive dependency on `Microsoft.Extensions.DependencyInjection.Abstractions` 8.0.2 on non-framework-coupled TFMs (net462, net472, netstandard2.0). This caused a `CS0433` type collision with the previously-pinned `Microsoft.Extensions.DependencyInjection` 2.1.0. Rather than patch individual packages, the entire `Microsoft.Extensions.*` stack on these older TFMs has been bumped to 8.0.x, closing several 5-year version gaps and aligning with the net8.0 baseline. **If your application targets net462, net472, or netstandard2.0**, your resolved `Microsoft.Extensions.*` versions will increase (e.g., `Extensions.Http` 3.1.3 → 8.0.0, `Extensions.DependencyInjection` 2.1.0 → 8.0.0, `Extensions.Caching.Memory` 2.1.0/6.0.2 → 8.0.1). Applications already targeting net8.0+ are unaffected. See [#​3787](https://github.com/AzureAD/microsoft-identity-web/pull/3787).\n- Bump `System.Text.Json` 8.0.5 → 8.0.6 (CVE-2024-43485). 
See [#​3787](https://github.com/AzureAD/microsoft-identity-web/pull/3787).\n- Bump `Microsoft.AspNetCore.DataProtection` to 10.0.7 for CVE fix on net10.0. See [#​3796](https://github.com/AzureAD/microsoft-identity-web/pull/3796).\n- Bump `OpenTelemetry.Exporter.OpenTelemetryProtocol` 1.14.0 → 1.15.3. See [#​3788](https://github.com/AzureAD/microsoft-identity-web/pull/3788).\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.8.0...4.9.0\n\n## 4.8.0\n\n## What's Changed\n* Bump flatted from 3.3.3 to 3.4.2 in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3753\n* Update changelog.md for ID.Web 4.6.0 by @​bgavrilMS in https://github.com/AzureAD/microsoft-identity-web/pull/3756\n* Add token binding to MicrosoftIdentityMessageHandler by @​cpp11nullptr in https://github.com/AzureAD/microsoft-identity-web/pull/3743\n* Bump picomatch in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3759\n* Documentation: Clarify managed identity credential types for containerized vs. 
VM/App Service deployments by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3585\n* Bump path-to-regexp from 8.3.0 to 8.4.0 in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3762\n* Upgrade Microsoft Application Insights packages by @​RojaEnnam in https://github.com/AzureAD/microsoft-identity-web/pull/3763\n* Use Abstractions 12 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3761\n* Post-4.7.0 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3768\n* Fix Comp Gov DOTNET-Security-10.0 by @​reginayap8 in https://github.com/AzureAD/microsoft-identity-web/pull/3769\n* Upgrade CodeQL to V4: Fix 10 CodeQL Analysis Warnings and Errors by @​reginayap8 in https://github.com/AzureAD/microsoft-identity-web/pull/3770\n* fix warnings by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3771\n* adding examples for using postgres as a distributed cache by @​JaredMSFT in https://github.com/AzureAD/microsoft-identity-web/pull/3766\n* Suppress AOT configuration-binding SYSLIB warnings in AotCompatibility test app by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3774\n* Bump vite from 7.1.11 to 7.3.2 in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3772\n* Skip legacy B2C local-account Todo UI test in WebAppUiTests by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3778\n* Fix initialization of ConfidentialClientApplicationOptions in MergedOptions by @​cpp11nullptr in https://github.com/AzureAD/microsoft-identity-web/pull/3760\n* Bump net8/net9/net10 runtime package baselines to patched crypto servicing versions by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3779\n* Fix flaky certificate test failures on CI by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3780\n* MTLS 
Without Tokens Support by @​tlupes in https://github.com/AzureAD/microsoft-identity-web/pull/3747\n* Fix CredentialsProvider DI lifetime mismatch causing startup crash in Development by @​Avery-Dunn in https://github.com/AzureAD/microsoft-identity-web/pull/3783\n* Remove unused DataProtection configuration from Sidecar by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3776\n\n## New Contributors\n* @​RojaEnnam made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3763\n* @​reginayap8 made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3769\n* @​JaredMSFT made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3766\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.6.0...4.8.0\n\nCommits viewable in [compare view](https://github.com/AzureAD/microsoft-identity-web/compare/4.7.0...4.9.0).\n\u003c/details\u003e","html_url":"https://github.com/bervProject/SimplePasswordManagerService/pull/1584","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/bervProject%2FSimplePasswordManagerService/issues/1584","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1584/packages"}},{"old_version":"3.6.2","new_version":"4.8.0","update_type":"major","path":null,"pr_created_at":"2026-04-27T06:04:59.000Z","version_change":"3.6.2 → 4.8.0","issue":{"uuid":"4333436186","node_id":"PR_kwDOCN3Hts7V10e3","number":215,"state":"closed","title":"Bump Microsoft.Identity.Web from 3.6.2 to 
4.8.0","user":"dependabot[bot]","labels":["dependencies"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-04-27T06:05:59.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-27T06:04:59.000Z","updated_at":"2026-04-27T06:06:01.000Z","time_to_close":60,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.Identity.Web","old_version":"3.6.2","new_version":"4.8.0","repository_url":"https://github.com/AzureAD/microsoft-identity-web"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web) from 3.6.2 to 4.8.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.Identity.Web's releases](https://github.com/AzureAD/microsoft-identity-web/releases)._\n\n## 4.8.0\n\n## What's Changed\n* Bump flatted from 3.3.3 to 3.4.2 in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3753\n* Update changelog.md for ID.Web 4.6.0 by @​bgavrilMS in https://github.com/AzureAD/microsoft-identity-web/pull/3756\n* Add token binding to MicrosoftIdentityMessageHandler by @​cpp11nullptr in https://github.com/AzureAD/microsoft-identity-web/pull/3743\n* Bump picomatch in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3759\n* Documentation: Clarify managed identity credential types for containerized vs. 
VM/App Service deployments by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3585\n* Bump path-to-regexp from 8.3.0 to 8.4.0 in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3762\n* Upgrade Microsoft Application Insights packages by @​RojaEnnam in https://github.com/AzureAD/microsoft-identity-web/pull/3763\n* Use Abstractions 12 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3761\n* Post-4.7.0 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3768\n* Fix Comp Gov DOTNET-Security-10.0 by @​reginayap8 in https://github.com/AzureAD/microsoft-identity-web/pull/3769\n* Upgrade CodeQL to V4: Fix 10 CodeQL Analysis Warnings and Errors by @​reginayap8 in https://github.com/AzureAD/microsoft-identity-web/pull/3770\n* fix warnings by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3771\n* adding examples for using postgres as a distributed cache by @​JaredMSFT in https://github.com/AzureAD/microsoft-identity-web/pull/3766\n* Suppress AOT configuration-binding SYSLIB warnings in AotCompatibility test app by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3774\n* Bump vite from 7.1.11 to 7.3.2 in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3772\n* Skip legacy B2C local-account Todo UI test in WebAppUiTests by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3778\n* Fix initialization of ConfidentialClientApplicationOptions in MergedOptions by @​cpp11nullptr in https://github.com/AzureAD/microsoft-identity-web/pull/3760\n* Bump net8/net9/net10 runtime package baselines to patched crypto servicing versions by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3779\n* Fix flaky certificate test failures on CI by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3780\n* MTLS 
Without Tokens Support by @​tlupes in https://github.com/AzureAD/microsoft-identity-web/pull/3747\n* Fix CredentialsProvider DI lifetime mismatch causing startup crash in Development by @​Avery-Dunn in https://github.com/AzureAD/microsoft-identity-web/pull/3783\n* Remove unused DataProtection configuration from Sidecar by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3776\n\n## New Contributors\n* @​RojaEnnam made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3763\n* @​reginayap8 made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3769\n* @​JaredMSFT made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3766\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.6.0...4.8.0\n\n## 4.7.0\n\n## 4.7.0\n\n### Bug fixes\n- Updates to Microsoft.Identity.Abstractions 12.0.0 to revert breaking changes introduced in Abstractions 11.0.0. (On .NET 10 target, `Certificate` extension method in `CredentialDescription` was reverted to normal property.) 
See [#​3767](https://github.com/AzureAD/microsoft-identity-web/pull/3767).\n\n## 4.6.0\n\n## What's Changed\n\n* Move boilerplate code skills to IdWeb, and add Aspire DevApp demonstrating Blazor authentication components by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3721\n* Bump MSAL to 4.83.1 and re-enable Managed Identity CAE tests by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3746\n* Bump Abstractions to 11.2 by @​bgavrilMS in https://github.com/AzureAD/microsoft-identity-web/pull/3749\n* Update documentation to reference Blazor helpers from Microsoft.Identity.Web package by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3723\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.5.0...4.6.0\n\n## 4.5.0\n\n### New features\n- Add support for certificate store lookup by subject name. See [#​3742](https://github.com/AzureAD/microsoft-identity-web/pull/3742).\n\n### Dependencies updates\n- Bump minimatch in /tests/DevApps/SidecarAdapter/typescript. See [#​3739](https://github.com/AzureAD/microsoft-identity-web/pull/3739).\n- Bump rollup from 4.52.3 to 4.59.0 in /tests/DevApps/SidecarAdapter/typescript. See [#​3740](https://github.com/AzureAD/microsoft-identity-web/pull/3740).\n\n## 4.4.0\n\n### New features\n- Add AOT-compatible web API authentication for .NET 10+. See [#​3705](https://github.com/AzureAD/microsoft-identity-web/pull/3705) and [#​3664](https://github.com/AzureAD/microsoft-identity-web/pull/3664).\n- Propagate long-running web API session key back to callers in user token acquisition. See [#​3728](https://github.com/AzureAD/microsoft-identity-web/pull/3728).\n- Add OBO event initialization for OBO APIs. See [#​3724](https://github.com/AzureAD/microsoft-identity-web/pull/3724).\n- Add support for calling `WithClientClaims` flow for token acquisition. 
See [#​3623](https://github.com/AzureAD/microsoft-identity-web/pull/3623).\n- Add `OnBeforeTokenAcquisitionForOnBehalfOf` event. See [#​3680](https://github.com/AzureAD/microsoft-identity-web/pull/3680).\n\n### Bug fixes\n- Throw `InvalidOperationException` with actionable message when a custom credential is not registered. See [#​3626](https://github.com/AzureAD/microsoft-identity-web/pull/3626).\n- Fix event firing for `InvokeOnBeforeTokenAcquisitionForOnBehalfOfAsync`. See [#​3717](https://github.com/AzureAD/microsoft-identity-web/pull/3717).\n- Update `OnBeforeTokenAcquisitionForOnBehalfOf` to construct `ClaimsPrincipal` from token. See [#​3714](https://github.com/AzureAD/microsoft-identity-web/pull/3714).\n- Add a retry counter for acquire token and updated tests with a fake secret. See [#​3682](https://github.com/AzureAD/microsoft-identity-web/pull/3682).\n- Fix OBO user error handling. See [#​3712](https://github.com/AzureAD/microsoft-identity-web/pull/3712).\n- Fix override merging for app token (and others). See [#​3644](https://github.com/AzureAD/microsoft-identity-web/pull/3644).\n- Fix certificate reload logic to only trigger on certificate-specific errors. See [#​3653](https://github.com/AzureAD/microsoft-identity-web/pull/3653).\n- Update ROPC flow CCA to pass `SendX5C` to MSAL. See [#​3671](https://github.com/AzureAD/microsoft-identity-web/pull/3671).\n\n### Dependencies updates\n- Bump `qs` in `/tests/DevApps/SidecarAdapter/typescript`. See [#​3725](https://github.com/AzureAD/microsoft-identity-web/pull/3725).\n- Downgrade Microsoft.Extensions.Configuration.Binder to 2.1.0 on .NET Framework. See [#​3730](https://github.com/AzureAD/microsoft-identity-web/pull/3730).\n- Update .NET SDK to 10.0.103 to address DOTNET-Security-10.0 vulnerability. See [#​3726](https://github.com/AzureAD/microsoft-identity-web/pull/3726).\n- Upgrade to Microsoft.Identity.Abstractions 11 for AoT compatibility. 
See [#​3699](https://github.com/AzureAD/microsoft-identity-web/pull/3699).\n- Update to MSAL 4.81.0. See [#​3665](https://github.com/AzureAD/microsoft-identity-web/pull/3665).\n\n### Documentation\n- Add documentation for auto-generated session key for long-running OBO session. See [#​3729](https://github.com/AzureAD/microsoft-identity-web/pull/3729).\n- Improve the Aspire doc article and skills. See [#​3695](https://github.com/AzureAD/microsoft-identity-web/pull/3695).\n- Add an article and agent skill to add Entra ID to an Aspire app. See [#​3689](https://github.com/AzureAD/microsoft-identity-web/pull/3689).\n- Fix misleading comment in `CertificatelessOptions.ManagedIdentityClientId`. See [#​3667](https://github.com/AzureAD/microsoft-identity-web/pull/3667).\n- Add Copilot explore tool functionality. See [#​3694](https://github.com/AzureAD/microsoft-identity-web/pull/3694).\n\n### Fundamentals\n- Remove unnecessary warning suppression. See [#​3715](https://github.com/AzureAD/microsoft-identity-web/pull/3715).\n- Migrate labs to Lab.API 2.x (first pass). See [#​3710](https://github.com/AzureAD/microsoft-identity-web/pull/3710).\n- Update Sidecar E2E test constants. See [#​3693](https://github.com/AzureAD/microsoft-identity-web/pull/3693).\n- Fix intermittent failures in `CertificatesObserverTests`. See [#​3687](https://github.com/AzureAD/microsoft-identity-web/pull/3687).\n- Add validation baseline exclusions. See [#​3684](https://github.com/AzureAD/microsoft-identity-web/pull/3684).\n- Add dSTS integration tests. See [#​3677](https://github.com/AzureAD/microsoft-identity-web/pull/3677).\n- Fix FIC test. See [#​3663](https://github.com/AzureAD/microsoft-identity-web/pull/3663).\n- Update IdentityWeb version, build logic, and validation. 
See [#​3659](https://github.com/AzureAD/microsoft-identity-web/pull/3659).\n\n### New Contributors\n* @​XiaoxinMS2 made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3677\n* @​RyAuld made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3687\n* @​agocke made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3664\n* @​MZOLN made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3700\n* @​christian-posta made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3644\n* @​4gust made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3682\n* @​rayluo made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3714\n\n## 4.4.0-preview.1\n\n### New features\n- Add AOT-compatible web API authentication for .NET 10+. See [#​3705](https://github.com/AzureAD/microsoft-identity-web/pull/3705) and [#​3664](https://github.com/AzureAD/microsoft-identity-web/pull/3664).\n- Propagate long-running web API session key back to callers in user token acquisition. See [#​3728](https://github.com/AzureAD/microsoft-identity-web/pull/3728).\n- Add OBO event initialization for OBO APIs. See [#​3724](https://github.com/AzureAD/microsoft-identity-web/pull/3724).\n- Add support for calling `WithClientClaims` flow for token acquisition. See [#​3623](https://github.com/AzureAD/microsoft-identity-web/pull/3623).\n- Add `OnBeforeTokenAcquisitionForOnBehalfOf` event. See [#​3680](https://github.com/AzureAD/microsoft-identity-web/pull/3680).\n\n### Bug fixes\n- Throw `InvalidOperationException` with actionable message when a custom credential is not registered. See [#​3626](https://github.com/AzureAD/microsoft-identity-web/pull/3626).\n- Fix event firing for `InvokeOnBeforeTokenAcquisitionForOnBehalfOfAsync`. 
See [#​3717](https://github.com/AzureAD/microsoft-identity-web/pull/3717).\n- Update `OnBeforeTokenAcquisitionForOnBehalfOf` to construct `ClaimsPrincipal` from token. See [#​3714](https://github.com/AzureAD/microsoft-identity-web/pull/3714).\n- Add a retry counter for acquire token and updated tests with a fake secret. See [#​3682](https://github.com/AzureAD/microsoft-identity-web/pull/3682).\n- Fix OBO user error handling. See [#​3712](https://github.com/AzureAD/microsoft-identity-web/pull/3712).\n- Fix override merging for app token (and others). See [#​3644](https://github.com/AzureAD/microsoft-identity-web/pull/3644).\n- Fix certificate reload logic to only trigger on certificate-specific errors. See [#​3653](https://github.com/AzureAD/microsoft-identity-web/pull/3653).\n- Update ROPC flow CCA to pass `SendX5C` to MSAL. See [#​3671](https://github.com/AzureAD/microsoft-identity-web/pull/3671).\n\n### Dependencies updates\n- Bump `qs` in `/tests/DevApps/SidecarAdapter/typescript`. See [#​3725](https://github.com/AzureAD/microsoft-identity-web/pull/3725).\n- Downgrade Microsoft.Extensions.Configuration.Binder to 2.1.0 on .NET Framework. See [#​3730](https://github.com/AzureAD/microsoft-identity-web/pull/3730).\n- Update .NET SDK to 10.0.103 to address DOTNET-Security-10.0 vulnerability. See [#​3726](https://github.com/AzureAD/microsoft-identity-web/pull/3726).\n- Upgrade to Microsoft.Identity.Abstractions 11 for AoT compatibility. See [#​3699](https://github.com/AzureAD/microsoft-identity-web/pull/3699).\n- Update to MSAL 4.81.0. See [#​3665](https://github.com/AzureAD/microsoft-identity-web/pull/3665).\n\n### Documentation\n- Add documentation for auto-generated session key for long-running OBO session. See [#​3729](https://github.com/AzureAD/microsoft-identity-web/pull/3729).\n- Improve the Aspire doc article and skills. 
See [#​3695](https://github.com/AzureAD/microsoft-identity-web/pull/3695).\n- Add an article and agent skill to add Entra ID to an Aspire app. See [#​3689](https://github.com/AzureAD/microsoft-identity-web/pull/3689).\n- Fix misleading comment in `CertificatelessOptions.ManagedIdentityClientId`. See [#​3667](https://github.com/AzureAD/microsoft-identity-web/pull/3667).\n- Add Copilot explore tool functionality. See [#​3694](https://github.com/AzureAD/microsoft-identity-web/pull/3694).\n\n### Fundamentals\n- Remove unnecessary warning suppression. See [#​3715](https://github.com/AzureAD/microsoft-identity-web/pull/3715).\n- Migrate labs to Lab.API 2.x (first pass). See [#​3710](https://github.com/AzureAD/microsoft-identity-web/pull/3710).\n- Update Sidecar E2E test constants. See [#​3693](https://github.com/AzureAD/microsoft-identity-web/pull/3693).\n- Fix intermittent failures in `CertificatesObserverTests`. See [#​3687](https://github.com/AzureAD/microsoft-identity-web/pull/3687).\n- Add validation baseline exclusions. See [#​3684](https://github.com/AzureAD/microsoft-identity-web/pull/3684).\n- Add dSTS integration tests. See [#​3677](https://github.com/AzureAD/microsoft-identity-web/pull/3677).\n- Fix FIC test. See [#​3663](https://github.com/AzureAD/microsoft-identity-web/pull/3663).\n- Update IdentityWeb version, build logic, and validation. See [#​3659](https://github.com/AzureAD/microsoft-identity-web/pull/3659).\n\n## 4.3.0\n\n### New features\n- Added token binding (mTLS PoP) scenario for confidential client (app-only) token acquisition and downstream API calls. See [#​3622](https://github.com/AzureAD/microsoft-identity-web/pull/3622).\n\n### Dependencies updates\n- Bumped **qs** from 6.14.0 to 6.14.1 in /tests/DevApps/SidecarAdapter/typescript. 
See [#​3660](https://github.com/AzureAD/microsoft-identity-web/pull/3660).\n\n### Documentation\n- Modernized Identity Web documentation, which can now be found in [docs](https://github.com/AzureAD/microsoft-identity-web/tree/master/docs). See [#​3566](https://github.com/AzureAD/microsoft-identity-web/pull/3566).\n- Added token binding (mTLS PoP) documentation. See [#​3661](https://github.com/AzureAD/microsoft-identity-web/pull/3661).\n\n## 4.2.0\n\n# What's Changed\n\n## New features\n\n- Added CAE claims support for FIC + Managed Identity. See #​3647 for details.\n- Added AddMicrosoftIdentityMessageHandler extension methods for IHttpClientBuilder. See #​3649 for details.\n\n## Bug fixes\n\n\n- Fixed tenant not being propagated in credential FIC acquisition. See #​3633 for details.\n- Fixed ForAgentIdentity hardcoded 'AzureAd' ConfigurationSection to respect AuthenticationOptionsName. See #​3635 for details.\n- Fixed GetTokenAcquirer to propagate MicrosoftEntraApplicationOptions properties. See #​3651 for details.\n- Added meaningful error message when identity configuration is missing. See #​3637 for details.\n\n## Dependencies updates\n\n- Update Microsoft.Identity.Abstractions to version 10.0.0.\n- Bump express from 5.1.0 to 5.2.0 in /tests/DevApps/SidecarAdapter/typescript. #​3636\n- Bump jws from 3.2.2 to 3.2.3 in /tests/DevApps/SidecarAdapter/typescript. #​3641\n\n## Fundamentals\n\n- Update support policy. #​3656\n- Update agent identity coordinates in E2E tests after deauth. #​3640\n- Update E2E agent identity configuration to new tenant. #​3646\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.1.1...4.2.0\n\n## 4.1.1\n\n### Bug fixes\n- Authority-only configuration parsing improvements: Early parsing of Authority into Instance/TenantId and defensive fallback in PrepareAuthorityInstanceForMsal. 
Behavior is backward compatible; Authority is still ignored when Instance/TenantId explicitly provided—now surfaced via a warning. See [#​3612](https://github.com/AzureAD/microsoft-identity-web/issues/3612).\n\n### New features\n- Added warning diagnostics for conflicting Authority vs Instance/TenantId: Emitting a single structured warning when both styles are provided. See [#​3611](https://github.com/AzureAD/microsoft-identity-web/issues/3611).\n\n### Fundamentals\n- Expanded authority test matrix: Coverage for AAD (v1/v2), B2C (/tfp/ normalization, policy path), CIAM (PreserveAuthority), query parameters, scheme-less forms, and conflict scenarios. See [#​3610](https://github.com/AzureAD/microsoft-identity-web/issues/3610).\n\n## 4.1.0\n\n### New features\n- Migrate to .NET 10 GA. [#​3449](https://github.com/AzureAD/microsoft-identity-web/pull/3449) and [#​3590](https://github.com/AzureAD/microsoft-identity-web/pull/3590)\n\n### Dependencies updates\n- Bump MSAL.NET to version [4.79.2](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/releases/tag/4.79.2) and handle changes to deprecated WithExtraQueryParameters APIs. [#​3583](https://github.com/AzureAD/microsoft-identity-web/pull/3583)\n- Update Microsoft.IdentityModel and Abstractions versions. [#​3604](https://github.com/AzureAD/microsoft-identity-web/pull/3604)\n- Update coverlet.collector to 6.0.4. [#​3587](https://github.com/AzureAD/microsoft-identity-web/pull/3587)\n- Update package validation baseline version to 4.0.0. [#​3589](https://github.com/AzureAD/microsoft-identity-web/pull/3589)\n- Bump js-yaml from 4.1.0 to 4.1.1 in /tests/DevApps/SidecarAdapter/typescript. [#​3595](https://github.com/AzureAD/microsoft-identity-web/pull/3595)\n\n### Entra ID SDK sidecar\n- Restrict hosts to localhost for sidecar. [#​3579](https://github.com/AzureAD/microsoft-identity-web/pull/3579)\n- Update http file to match endpoints. 
[#​3555](https://github.com/AzureAD/microsoft-identity-web/pull/3555)\n- Revise sidecar issue template for Entra ID. [#​3577](https://github.com/AzureAD/microsoft-identity-web/pull/3577)\n\n### Documentation\n- Update README to include Entra SDK container info. [#​3578](https://github.com/AzureAD/microsoft-identity-web/pull/3578)\n\n### Fundamentals\n- Include NET 9.0 in template-install-dependencies. [#​3593](https://github.com/AzureAD/microsoft-identity-web/pull/3593)\n- Fix CodeQL alerts. [#​3591](https://github.com/AzureAD/microsoft-identity-web/pull/3591)\n- Suppression file is needed. [#​3592](https://github.com/AzureAD/microsoft-identity-web/pull/3592)\n\n## 4.0.1\n\n## Bug fixes\n* Correctly compute Application Key when credential usage fails.\n* Fix bugs where agent user identities didn't work with non-default authentication schemes.\n\n## Fundamentals\n* Update .net version to CG compliance \n\n## Sidecar\n* Configure Sidecar to default AllowWebApiToBeAuthorizedByACL to true as the container doesn't do authZ\n\n\n## 4.0.0\n\n4.0.0\n=========\n### Breaking Changes\n**Removed support for .NET 6.0 and .NET 7.0** - Microsoft Identity Web 4.0.0 no longer targets .NET 6.0 and .NET 7.0, following Microsoft's support lifecycle. The supported target frameworks are now .NET 8.0, .NET 9.0, .NET Framework 4.6.2, .NET Framework 4.7.2, and .NET Standard 2.0.\n\nSee [MIGRATION_GUIDE_V4](https://github.com/AzureAD/microsoft-identity-web/blob/master/MIGRATION_GUIDE_V4.md)\n\n\n### New features\n- Various improvements to performance logging, authentication, and credential loading capabilities.\n- Bumped MSAL.NET to 4.77.1\n- Added credential description extensibility. For details, see [#​3487](https://github.com/AzureAD/microsoft-identity-web/pull/3487)\n- Added a new CerticateObserverAction type: SuccessfullyUsed and support for multiple certificate observers for improved certificate lifecycle management and telemetry. 
See [#​3505](https://github.com/AzureAD/microsoft-identity-web/pull/3505)\n- Add specification of OID (in addition to upn) when requesting an authorization header for Agent User Identity. See [#​3513](https://github.com/AzureAD/microsoft-identity-web/pull/3513)\n- Added ClaimsPrincipal and ClaimsIdentity extension methods for agent identity detection in web APIs enabling developers to easily detect agent identities and retrieve parent agent blueprint from token claims. See [#​3515](https://github.com/AzureAD/microsoft-identity-web/pull/3515)\n- Added MicrosoftIdentityMessageHandler for flexible HttpClient authentication. Provides composable alternative to DownstreamApi with per-request authentication configuration. Supports WWW-Authenticate challenge handling. See [#​3503](https://github.com/AzureAD/microsoft-identity-web/pull/3503)\n- Support for multiple certificate observers. See [#​3506](https://github.com/AzureAD/microsoft-identity-web/pull/3506)\n- The Microsoft.Identity.Web.Sidecar will provide a container solution for validation and token acquisition in any-language. See [#​3524](https://github.com/AzureAD/microsoft-identity-web/pull/3524)\n\n### Bug Fixes\n- Fixed TokenAcquirerFactory null reference when AppContext.BaseDirectory is root path. See [#​3443](https://github.com/AzureAD/microsoft-identity-web/pull/3443)\n- Fixed IDW10405 error when using managed identity with common tenant. See [#​3415](https://github.com/AzureAD/microsoft-identity-web/pull/3415)\n- Removed hard dependency on IConfiguration in OidcIdpSignedAssertionLoader. See [#​3414](https://github.com/AzureAD/microsoft-identity-web/pull/3414)\n\n### Fundamentals\n- Various improvements to .NET support and dependency optimizations.\n- Added doc for Agent identities. See [Agent identities](src/Microsoft.Identity.Web.AgentIdentities/README.AgentIdentities.md)\n- Combined and fixed test collections. 
See [#​3472](https://github.com/AzureAD/microsoft-identity-web/pull/3472)\n- Migrate repository agent rules from .clinerules to agents.md. See [#​3475](https://github.com/AzureAD/microsoft-identity-web/pull/3475)\n- Add .NET 6.x setup step to dotnetcore.yml workflow, as the default build agents don't have it any longer. See [#​3489](https://github.com/AzureAD/microsoft-identity-web/pull/3489)\n- Renamed NET 7 tests to ThreadingTests for framework independence. See [#​3501](https://github.com/AzureAD/microsoft-identity-web/pull/3501)\n\n\n## 3.14.1\n\n3.14.1\n=======\n\n## Bug fix\n-  Support client secrets with agent user identities. See [#​3470](https://github.com/AzureAD/microsoft-identity-web/issues/3470) for details.\n\n\n\n3.14.0\n=======\n## New features\n- Support multi-tenant agent user identities. See [#​3461](https://github.com/AzureAD/microsoft-identity-web/issues/3461) for details.\n- Id Web now allows for passing of ExtraBodyParameters. See [#​3463](https://github.com/AzureAD/microsoft-identity-web/issues/3463) for details.\n\n\n## 3.13.1\n\n3.13.1\n=======\n### Dependencies updates\n- Microsoft.IdentityModel updated to version [8.14.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.14.0).\n\n## 3.13.0\n\n3.13.0\n=======\n### Dependencies updates\n- Microsoft.IdentityModel updated to version [8.13.1](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.13.1).\n- Microsoft.Abstractions updated to version [9.3.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/9.3.) and using IAuthenticationSchemeInformationProvider from that library, deprecating the interface of the same name in Microsoft.Identity.Web (introduced in 3.12.0).\n\n### Bug fixes\n- Fixed an issue with instantiation of TokenAcquirerFactory when AppContext.BaseDirectory is root path. 
See PR [#​3443](https://github.com/AzureAD/microsoft-identity-web/pull/3443) for details.\n\n### Fundamentals\n- Use cloud user in tests. See PR [#​3441](https://github.com/AzureAD/microsoft-identity-web/pull/3441) and [#​3442](https://github.com/AzureAD/microsoft-identity-web/pull/3442) for details.\n\n\n## 3.12.0\n\n3.12.0\n=======\n### Dependencies updates\n- Updated MSAL to version 4.74.1 part of [#​3398](https://github.com/AzureAD/microsoft-identity-web/pull/3435).\n\n## Bug fix\nReload certificates for all client credential based issues to solve the issue that when a bad certificate was installed on the machine and picked up, and subsequently rotated, a service restart was needed for the new certificate to be used. See issue [#​3429](https://github.com/AzureAD/microsoft-identity-web/issues/3429) and PR [#​3430](https://github.com/AzureAD/microsoft-identity-web/pull/3430) \n\n## New features\n* Include the thrown exception in CertificateChangeEventArg. See PR [#​3428](https://github.com/AzureAD/microsoft-identity-web/pull/3428) for better supportability.\n* Support for Agent User identities. See PR [#​3435](https://github.com/AzureAD/microsoft-identity-web/pull/3435)\n\n\n\n\n## 3.11.0\n\n3.11.0\n=======\n### Dependencies updates\n- Updated `global.json` to the latest .NET 9 runtime framework 9.0.108. See PR [#​3422](https://github.com/AzureAD/microsoft-identity-web/pull/3422) for details.\n\n### Bug fixes\n- Fix `IDW10405` error when using managed identity with common tenant. See PR [#​3415](https://github.com/AzureAD/microsoft-identity-web/pull/3415) for details.\n- Fix `OidcIdpSignedAssertionLoader` to remove hard dependency on IConfiguration registration. See PR [#​3414](https://github.com/AzureAD/microsoft-identity-web/pull/3414) for details.\n\n### New feature\n- Add support for `ExtraHeaderParameters` and `ExtraQueryParameters` properties on `DownstreamApiOptions` to simplify adding custom headers and query parameters to downstream API requests. 
See PR [#​3413](https://github.com/AzureAD/microsoft-identity-web/pull/3413) for details.\n- Add better support for Azure SDK. For details see [Readme-Azure](./src/Microsoft.Identity.Web.Azure/README-Azure.md) and PR [#​3416](https://github.com/AzureAD/microsoft-identity-web/pull/3416)\n\n## What's Changed\n* Update Abstractions version and the public API files after 3.10.0 release by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3407\n* Update Directory.Build.props by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3404\n* Fix IDW10405 error when using managed identity with common tenant by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3415\n* Add ExtraHeaderParameters and ExtraQueryParameters support to DownstreamApi by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3413\n* Fix OidcIdpSignedAssertionLoader to remove hard dependency on IConfiguration registration by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3414\n* Update global.json by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3422\n* Improved experience for Azure SDKs with Microsoft Identity Platform authentication by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3416\n* Update 3.11 changelog by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3423\n* update test certs by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3424\n\n## New Contributors\n* @​Copilot made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3415\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.10.0...3.11.0\n\n## 3.10.0\n\n3.10.0\n=======\n### Dependencies updates\n- Updated MSAL to version 4.73.1 ([#​3398](https://github.com/AzureAD/microsoft-identity-web/pull/3398)).\n- Updated `global.json` to the latest .NET 9 runtime framework 9.0.107 
([#​3385](https://github.com/AzureAD/microsoft-identity-web/pull/3385)).\n\n### New feature\n- Added support for Agent Identities ([#​3396](https://github.com/AzureAD/microsoft-identity-web/issues/3396), [#​3402](https://github.com/AzureAD/microsoft-identity-web/pull/3402)).  \n  introducing the `Microsoft.Identity.Web.AgentIdentities` package .\n\n### Bug fixes\n- Processed codeQL issues\n\n### Fundamentals\n- improved unit tests for OidcFic with the new SignedAssertionFmiPath\n\n## 3.9.4\n\n3.9.4\n=======\n### Package updates\n- Microsoft.IdentityModel updated to version [8.12.1](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.12.1).\n\n### Bug fix\n- Updates the `DefaultAuthorizationHeaderProvider` to update the `AcquireTokenOptions.LongRunningWebApiSessionKey` after the token is acquired so that the key can be used in the next OBO call. See PR [#​3381](https://github.com/AzureAD/microsoft-identity-web/pull/3381) for details.\n\n### Fundamentals\n- Update .NET SDK version to 9.0.107 used when building or running the code. See [#​3385](https://github.com/AzureAD/microsoft-identity-web/pull/3385) for details.\n- Improved test coverage for managed identity flows. 
See [#​3350](https://github.com/AzureAD/microsoft-identity-web/pull/3350) for details.\n\n## What's Changed\n* Add Claims and Capability Support to Managed Identity Flows by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3350\n* Adding fix for OBO cache key error in long running OBO with DefaultAuthorizationHeaderProvider by @​trwalke in https://github.com/AzureAD/microsoft-identity-web/pull/3381\n* Update global.json by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3385\n* changelog 3.9.4 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3386\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.9.3...3.9.4\n\n## 3.9.3\n\n3.9.3\n=======\n### Package updates\n- Microsoft.IdentityModel updated to version [8.12.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.12.0).\n\n### Fundamentals\n- Add `.clinerules` to help with AI tooling.\n- **Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0**  Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added).  
For details see [#​3379](https://github.com/AzureAD/microsoft-identity-web/pull/3379)\n\n## What's Changed\n* Update M.IM 8.11 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3373\n* add ai assist rules by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3376\n* Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3379\n* changelog 3.9.3 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3380\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.9.2...3.9.3\n\n## 3.9.2\n\n3.9.2\n=======\n### Package updates\n- Microsoft.IdentityModel updated to version [8.11.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.11.0).\n- MSAL.NET updated to version [MSAL.NET 4.72.1](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/tag/4.72.1).\n\n### Fundamentals:\n- Fix invalid comparisons in prop and csproj files. For details see [#​3297](https://github.com/AzureAD/microsoft-identity-web/pull/3297).\n\n## What's Changed\n* Release notes and cleanup by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3367\n* Remove invalid comparisons by @​keegan-caruso in https://github.com/AzureAD/microsoft-identity-web/pull/3368\n* update to MSAL 4.72.1 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3369\n* update 3.9.2 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3372\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.9.1...3.9.2\n\n## 3.9.1\n\n3.9.1\n========\n### Package updates\n- Microsoft.Identity.Abstractions updated to version [9.1.0](https://github.com/AzureAD/azure-identity-abstractions/releases/tag/9.1.0).\n\n### Fundamentals\n- Fix AoT warnings. 
For details see [#​3366](https://github.com/AzureAD/microsoft-identity-web/pull/3366).\n\n## What's Changed\n* Fix AoT warnings (and update to Abstractions 9.1.0) by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3366\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.9.0...3.9.1\n\n## 3.9.0\n\n3.9.0\n========\n### Package updates\n- Microsoft.IdentityModel updated to version [8.10.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.10.0).\n- MSAL.NET updated to version [MSAL.NET 4.72.0](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/tag/4.72.0).\n\n### Bug fixes\n- Fixed issue where RequiredScopeOrAppPermission extension method didn’t work with Minimal APIs. See [#​3323](https://github.com/AzureAD/microsoft-identity-web/issues/3323).\n- Resolved IL warnings from AddDownstreamApis in NativeAOT projects. See [#​3355](https://github.com/AzureAD/microsoft-identity-web/issues/3360).\n- Ensured AcquireTokenForConfidentialClient correctly passes MSAL exceptions. See [#​3345](https://github.com/AzureAD/microsoft-identity-web/issues/3345).\n- Prevented null reference when accessing MergedOptions instance. See [#​3337](https://github.com/AzureAD/microsoft-identity-web/issues/3337).\n\n### New feature\n - Added optional login_hint and domain_hint support to AccountController.SignIn endpoint. See [#​3244](https://github.com/AzureAD/microsoft-identity-web/issues/3244) and [#​3348](https://github.com/AzureAD/microsoft-identity-web/pull/3348/files).\n\n### Fundamentals\n- Introduced Long-Term Support (LTS) policy. See [#​3357](https://github.com/AzureAD/microsoft-identity-web/commit/b6ff65bb4f49289c914100c3a382fa16da2b5508).\n- Added tests to validate xms_cc (client capability) forwarding in CCA flows. 
See [#​3349](https://github.com/AzureAD/microsoft-identity-web/issues/3349).\n\n### External contributions\nThank you @​evan-buss for your contribution and fixing the issue where RequiredScopeOrAppPermission extension method didn’t work with Minimal APIs. See [#​3323](https://github.com/AzureAD/microsoft-identity-web/issues/3323).\nThank you @​neha-bhargava for your contribution and ensuring AcquireTokenForConfidentialClient correctly passes MSAL exceptions. See [#​3345](https://github.com/AzureAD/microsoft-identity-web/issues/3345).\n\n## 3.8.4\n\n3.8.4\n========\n### Package updates\n- Microsoft.IdentityModel updated to version [8.8.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.8.0).\n- MSAL.NET updated to version [MSAL.NET 4.71.0](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/tag/4.71.0).\n\n### Bug fixes\n- Fixed the issue where FmiPath was not persisted when copying/reinitializing AcquireTokenOptions. See [#​3336](https://github.com/AzureAD/microsoft-identity-web/issues/3336).\n\n### New feature\n- Added support for Linux-friendly devcontainers. See [#​3333](https://github.com/AzureAD/microsoft-identity-web/issues/3333) and [#​3339](https://github.com/AzureAD/microsoft-identity-web/pull/3339).\n\n### Fundamentals\n- Removed System.Text.Json as an explicit dependency for .NET Core targets. See [#​3331](https://github.com/AzureAD/microsoft-identity-web/issues/3331).\n\n## 3.8.3\n\n3.8.3\n========\n### Package updates\n- Updated to Microsoft.IdentityModel.* [8.8.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.8.0)\n- Updated to [MSAL.NET 4.70.1](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/tag/4.70.1)\n  \n### New feature\n- `TokenAcquistion.cs` adds its service provider to the acquisition options. 
See issue [#​3315](https://github.com/AzureAD/microsoft-identity-web/issues/3315) for details.\n\n\n## 3.8.2\n\n3.8.2\n========\n- Updated to Microsoft.Identity.Abstractions [9.0.0](https://github.com/AzureAD/microsoft-identity-abstractions-for-dotnet/releases/tag/9.0.0)\n\n### New feature\n- An exception is now thrown if MSAL `TokenCacheNotificationArgs` indicates that distributed cache is configured when it should not have been. See [#​3304](https://github.com/AzureAD/microsoft-identity-web/issues/3304).\n- Added support for federated identity credentials with AT_POP. See [#​3299](https://github.com/AzureAD/microsoft-identity-web/pull/3299).\n\n## 3.8.1\n\n### New features\n- Updated to Microsoft.IdentityModel.* [8.7.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.7.0)\n\n### Bug fixes\n- Pins Microsoft.Extensions.Http dependency version to 3.1.3 for .NET Framework and .NET Standard and uses inbox version for .NET Core. See [#​3145](https://github.com/AzureAD/microsoft-identity-web/issues/3145).\n\n## What's Changed\n* Post release cleanup by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3291\n* update MIM by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3292\n* Updates CodeQL.yaml to exclude test files by @​sruke in https://github.com/AzureAD/microsoft-identity-web/pull/3294\n* Make Microsoft.Extensions.Http dependency framework friendly by @​ksaaf in https://github.com/AzureAD/microsoft-identity-web/pull/3296\n* Update to IdentityModel 8.7.0 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3307\n\n## New Contributors\n* @​ksaaf made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3296\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.8.0...3.8.1\n\n## 3.8.0\n\n3.8.0\n========\n### New feature\n- Updated to Microsoft.IdentityModel.* 
[8.6.1](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.6.1)\n- Updated to [MSAL.NET](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet) 4.69.1\n- Updated the Json Schema to include extensibility for signed assertion providers. See [#​3235](https://github.com/AzureAD/microsoft-identity-web/pull/3235)\n- Added support for Federation Identity Credential on any OIDC Idp (FIC+OIDC credential provider). See [#​3255](https://github.com/AzureAD/microsoft-identity-web/pull/3255)\n- Support for acquiring token for Federation Managed Identity (FMI). Supports the `FmiPath` property of `AcquireTokenOptions`. See [#​3247](https://github.com/AzureAD/microsoft-identity-web/issues/3247)\n- Downstream APIs now support Authorization headers with a custom SAML bearer syntax. See [#​3273](https://github.com/AzureAD/microsoft-identity-web/pull/3273)\n\n## Bug fixes\n- TokenAcquirerFactory is now thread safe. See [#​3274](https://github.com/AzureAD/microsoft-identity-web/pull/3274)\n- Fix a bug in the parsing of the token in the authority. See [#​3261](https://github.com/AzureAD/microsoft-identity-web/pull/3261)\n\n## Fundamentals\n- Removed old Blazorwasm sample, wasm-tools and added new blazor web API: [#​3259](https://github.com/AzureAD/microsoft-identity-web/pull/3259), [#​3257](https://github.com/AzureAD/microsoft-identity-web/pull/3257), [#​3254](https://github.com/AzureAD/microsoft-identity-web/pull/3254)\n- Modified the build so that, in CI/CD internal builds, the NuGet.org NuGet source is replaced by a managed NuGet source. More verbose information added. See [#​3263](https://github.com/AzureAD/microsoft-identity-web/pull/3263)\n- Fixed CS8602 Warnings in Weather.razor (BlazorApp) – Handle Nullable forecasts and user.Identity. 
See [#​3266](https://github.com/AzureAD/microsoft-identity-web/pull/3266),\n\n## What's Changed\n* Update changelog.md by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3246\n* Lozensky/add fmi path by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3247\n* Lozensky/perf fix graph service client by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3251\n* M.IM 8.6.0 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3252\n* Jennyf/blazor prototype by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3254\n* remove old blazor apps by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3257\n* Remove step for installing wasm-tools in the build by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3259\n* Fix for Remove NuGet Source steps (now with enhanced logging) by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3263\n* Add CustomSignedAssertion to Credentials.json by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3235\n* Fix CS8602 Warnings in Weather.razor (BlazorApp) – Handle Nullable forecasts and user.Identity by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3266\n* Add Support for Custom Saml Bearer in HttpRequest Headers by @​sthanu98 in https://github.com/AzureAD/microsoft-identity-web/pull/3273\n* comment out the code coverage by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3279\n* update msal to 4.69.1 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3281\n* FIC+OIDC credential provider by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3255\n* Update the IdWeb version number by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3280\n* Locking Down the TokenAcquirerFactory by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3274\n* 
Fix authority parsing logic by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3261\n* Update changelog.md for Id.web 3.8.0 by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3285\n\n## New Contributors\n* @​sthanu98 made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3273\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.7.1...3.8.0\n\n## 3.7.1\n\n3.7.1\n========\n- Updated to Microsoft.IdentityModel.* [8.5.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.5.0)\n\n## 3.7.0\n\n3.7.0\n========\n- Updated to Microsoft.Identity.Abstractions [8.1.0](https://github.com/AzureAD/microsoft-identity-abstractions-for-dotnet/releases/tag/8.1.0)\n- Updated to Microsoft.IdentityModel.* [8.4.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.4.0)\n\n### New Feature\n- IdentityWeb now provides extensibility to `DefaultCredentialsLoader` so that partner teams, or an SDK on top of IdWeb, can bring their own credential providers. See [#​3220](https://github.com/AzureAD/microsoft-identity-web/issues/3220) for details.\n\n## Bug fixes\n- The merged options are now being passed to MSAL for the CCA ROPC scenario. 
See [#​3207](https://github.com/AzureAD/microsoft-identity-web/issues/3207) for details.\n\n## What's Changed\n* changelog update by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3216\n* Pass the assertion options to MSAL for ROPC call by @​neha-bhargava in https://github.com/AzureAD/microsoft-identity-web/pull/3217\n* Update global.json to 9.0.102 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3222\n* Bump the notsecurity group with 3 updates by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3219\n* update abstractions to 8.1.0 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3224\n* update benchmark by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3229\n* Adding Extensibility for Custom Signed Assertion Providers by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3226\n* Update changelog.md 3.7.0 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3233\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.6.2...3.7.0\n\nCommits viewable in [compare view](https://github.com/AzureAD/microsoft-identity-web/compare/3.6.2...4.8.0).\n\u003c/details\u003e\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Microsoft.Identity.Web\u0026package-manager=nuget\u0026previous-version=3.6.2\u0026new-version=4.8.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/Azure-Samples/active-directory-dotnetcore-daemon-v2/pull/215","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Azure-Samples%2Factive-directory-dotnetcore-daemon-v2/issues/215","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/215/packages"}},{"old_version":"2.15.3","new_version":"4.8.0","update_type":"major","path":null,"pr_created_at":"2026-04-21T05:03:06.000Z","version_change":"2.15.3 → 4.8.0","issue":{"uuid":"4300388918","node_id":"PR_kwDOKPjTy87UL4x2","number":122,"state":"closed","title":"Bump Microsoft.Identity.Web from 2.15.3 to 
4.8.0","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-04T05:25:43.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-21T05:03:06.000Z","updated_at":"2026-05-04T05:25:45.000Z","time_to_close":1124557,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.Identity.Web","old_version":"2.15.3","new_version":"4.8.0","repository_url":"https://github.com/AzureAD/microsoft-identity-web"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web) from 2.15.3 to 4.8.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.Identity.Web's releases](https://github.com/AzureAD/microsoft-identity-web/releases)._\n\n## 4.8.0\n\n## What's Changed\n* Bump flatted from 3.3.3 to 3.4.2 in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3753\n* Update changelog.md for ID.Web 4.6.0 by @​bgavrilMS in https://github.com/AzureAD/microsoft-identity-web/pull/3756\n* Add token binding to MicrosoftIdentityMessageHandler by @​cpp11nullptr in https://github.com/AzureAD/microsoft-identity-web/pull/3743\n* Bump picomatch in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3759\n* Documentation: Clarify managed identity credential types for containerized vs. 
VM/App Service deployments by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3585\n* Bump path-to-regexp from 8.3.0 to 8.4.0 in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3762\n* Upgrade Microsoft Application Insights packages by @​RojaEnnam in https://github.com/AzureAD/microsoft-identity-web/pull/3763\n* Use Abstractions 12 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3761\n* Post-4.7.0 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3768\n* Fix Comp Gov DOTNET-Security-10.0 by @​reginayap8 in https://github.com/AzureAD/microsoft-identity-web/pull/3769\n* Upgrade CodeQL to V4: Fix 10 CodeQL Analysis Warnings and Errors by @​reginayap8 in https://github.com/AzureAD/microsoft-identity-web/pull/3770\n* fix warnings by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3771\n* adding examples for using postgres as a distributed cache by @​JaredMSFT in https://github.com/AzureAD/microsoft-identity-web/pull/3766\n* Suppress AOT configuration-binding SYSLIB warnings in AotCompatibility test app by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3774\n* Bump vite from 7.1.11 to 7.3.2 in /tests/DevApps/SidecarAdapter/typescript by @​dependabot[bot] in https://github.com/AzureAD/microsoft-identity-web/pull/3772\n* Skip legacy B2C local-account Todo UI test in WebAppUiTests by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3778\n* Fix initialization of ConfidentialClientApplicationOptions in MergedOptions by @​cpp11nullptr in https://github.com/AzureAD/microsoft-identity-web/pull/3760\n* Bump net8/net9/net10 runtime package baselines to patched crypto servicing versions by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3779\n* Fix flaky certificate test failures on CI by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3780\n* MTLS 
Without Tokens Support by @​tlupes in https://github.com/AzureAD/microsoft-identity-web/pull/3747\n* Fix CredentialsProvider DI lifetime mismatch causing startup crash in Development by @​Avery-Dunn in https://github.com/AzureAD/microsoft-identity-web/pull/3783\n* Remove unused DataProtection configuration from Sidecar by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3776\n\n## New Contributors\n* @​RojaEnnam made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3763\n* @​reginayap8 made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3769\n* @​JaredMSFT made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3766\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.6.0...4.8.0\n\n## 4.7.0\n\n## 4.7.0\n\n### Bug fixes\n- Updates to Microsoft.Identity.Abstractions 12.0.0 to revert breaking changes introduced in Abstractions 11.0.0. (On .NET 10 target, `Certificate` extension method in `CredentialDescription` was reverted to normal property.) 
See [#​3767](https://github.com/AzureAD/microsoft-identity-web/pull/3767).\n\n## 4.6.0\n\n## What's Changed\n\n* Move boilerplate code skills to IdWeb, and add Aspire DevApp demonstrating Blazor authentication components by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3721\n* Bump MSAL to 4.83.1 and re-enable Managed Identity CAE tests by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3746\n* Bump Abstractions to 11.2 by @​bgavrilMS in https://github.com/AzureAD/microsoft-identity-web/pull/3749\n* Update documentation to reference Blazor helpers from Microsoft.Identity.Web package by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3723\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.5.0...4.6.0\n\n## 4.5.0\n\n### New features\n- Add support for certificate store lookup by subject name. See [#​3742](https://github.com/AzureAD/microsoft-identity-web/pull/3742).\n\n### Dependencies updates\n- Bump minimatch in /tests/DevApps/SidecarAdapter/typescript. See [#​3739](https://github.com/AzureAD/microsoft-identity-web/pull/3739).\n- Bump rollup from 4.52.3 to 4.59.0 in /tests/DevApps/SidecarAdapter/typescript. See [#​3740](https://github.com/AzureAD/microsoft-identity-web/pull/3740).\n\n## 4.4.0\n\n### New features\n- Add AOT-compatible web API authentication for .NET 10+. See [#​3705](https://github.com/AzureAD/microsoft-identity-web/pull/3705) and [#​3664](https://github.com/AzureAD/microsoft-identity-web/pull/3664).\n- Propagate long-running web API session key back to callers in user token acquisition. See [#​3728](https://github.com/AzureAD/microsoft-identity-web/pull/3728).\n- Add OBO event initialization for OBO APIs. See [#​3724](https://github.com/AzureAD/microsoft-identity-web/pull/3724).\n- Add support for calling `WithClientClaims` flow for token acquisition. 
See [#​3623](https://github.com/AzureAD/microsoft-identity-web/pull/3623).\n- Add `OnBeforeTokenAcquisitionForOnBehalfOf` event. See [#​3680](https://github.com/AzureAD/microsoft-identity-web/pull/3680).\n\n### Bug fixes\n- Throw `InvalidOperationException` with actionable message when a custom credential is not registered. See [#​3626](https://github.com/AzureAD/microsoft-identity-web/pull/3626).\n- Fix event firing for `InvokeOnBeforeTokenAcquisitionForOnBehalfOfAsync`. See [#​3717](https://github.com/AzureAD/microsoft-identity-web/pull/3717).\n- Update `OnBeforeTokenAcquisitionForOnBehalfOf` to construct `ClaimsPrincipal` from token. See [#​3714](https://github.com/AzureAD/microsoft-identity-web/pull/3714).\n- Add a retry counter for acquire token and updated tests with a fake secret. See [#​3682](https://github.com/AzureAD/microsoft-identity-web/pull/3682).\n- Fix OBO user error handling. See [#​3712](https://github.com/AzureAD/microsoft-identity-web/pull/3712).\n- Fix override merging for app token (and others). See [#​3644](https://github.com/AzureAD/microsoft-identity-web/pull/3644).\n- Fix certificate reload logic to only trigger on certificate-specific errors. See [#​3653](https://github.com/AzureAD/microsoft-identity-web/pull/3653).\n- Update ROPC flow CCA to pass `SendX5C` to MSAL. See [#​3671](https://github.com/AzureAD/microsoft-identity-web/pull/3671).\n\n### Dependencies updates\n- Bump `qs` in `/tests/DevApps/SidecarAdapter/typescript`. See [#​3725](https://github.com/AzureAD/microsoft-identity-web/pull/3725).\n- Downgrade Microsoft.Extensions.Configuration.Binder to 2.1.0 on .NET Framework. See [#​3730](https://github.com/AzureAD/microsoft-identity-web/pull/3730).\n- Update .NET SDK to 10.0.103 to address DOTNET-Security-10.0 vulnerability. See [#​3726](https://github.com/AzureAD/microsoft-identity-web/pull/3726).\n- Upgrade to Microsoft.Identity.Abstractions 11 for AoT compatibility. 
See [#​3699](https://github.com/AzureAD/microsoft-identity-web/pull/3699).\n- Update to MSAL 4.81.0. See [#​3665](https://github.com/AzureAD/microsoft-identity-web/pull/3665).\n\n### Documentation\n- Add documentation for auto-generated session key for long-running OBO session. See [#​3729](https://github.com/AzureAD/microsoft-identity-web/pull/3729).\n- Improve the Aspire doc article and skills. See [#​3695](https://github.com/AzureAD/microsoft-identity-web/pull/3695).\n- Add an article and agent skill to add Entra ID to an Aspire app. See [#​3689](https://github.com/AzureAD/microsoft-identity-web/pull/3689).\n- Fix misleading comment in `CertificatelessOptions.ManagedIdentityClientId`. See [#​3667](https://github.com/AzureAD/microsoft-identity-web/pull/3667).\n- Add Copilot explore tool functionality. See [#​3694](https://github.com/AzureAD/microsoft-identity-web/pull/3694).\n\n### Fundamentals\n- Remove unnecessary warning suppression. See [#​3715](https://github.com/AzureAD/microsoft-identity-web/pull/3715).\n- Migrate labs to Lab.API 2.x (first pass). See [#​3710](https://github.com/AzureAD/microsoft-identity-web/pull/3710).\n- Update Sidecar E2E test constants. See [#​3693](https://github.com/AzureAD/microsoft-identity-web/pull/3693).\n- Fix intermittent failures in `CertificatesObserverTests`. See [#​3687](https://github.com/AzureAD/microsoft-identity-web/pull/3687).\n- Add validation baseline exclusions. See [#​3684](https://github.com/AzureAD/microsoft-identity-web/pull/3684).\n- Add dSTS integration tests. See [#​3677](https://github.com/AzureAD/microsoft-identity-web/pull/3677).\n- Fix FIC test. See [#​3663](https://github.com/AzureAD/microsoft-identity-web/pull/3663).\n- Update IdentityWeb version, build logic, and validation. 
See [#​3659](https://github.com/AzureAD/microsoft-identity-web/pull/3659).\n\n### New Contributors\n* @​XiaoxinMS2 made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3677\n* @​RyAuld made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3687\n* @​agocke made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3664\n* @​MZOLN made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3700\n* @​christian-posta made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3644\n* @​4gust made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3682\n* @​rayluo made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3714\n\n## 4.4.0-preview.1\n\n### New features\n- Add AOT-compatible web API authentication for .NET 10+. See [#​3705](https://github.com/AzureAD/microsoft-identity-web/pull/3705) and [#​3664](https://github.com/AzureAD/microsoft-identity-web/pull/3664).\n- Propagate long-running web API session key back to callers in user token acquisition. See [#​3728](https://github.com/AzureAD/microsoft-identity-web/pull/3728).\n- Add OBO event initialization for OBO APIs. See [#​3724](https://github.com/AzureAD/microsoft-identity-web/pull/3724).\n- Add support for calling `WithClientClaims` flow for token acquisition. See [#​3623](https://github.com/AzureAD/microsoft-identity-web/pull/3623).\n- Add `OnBeforeTokenAcquisitionForOnBehalfOf` event. See [#​3680](https://github.com/AzureAD/microsoft-identity-web/pull/3680).\n\n### Bug fixes\n- Throw `InvalidOperationException` with actionable message when a custom credential is not registered. See [#​3626](https://github.com/AzureAD/microsoft-identity-web/pull/3626).\n- Fix event firing for `InvokeOnBeforeTokenAcquisitionForOnBehalfOfAsync`. 
See [#​3717](https://github.com/AzureAD/microsoft-identity-web/pull/3717).\n- Update `OnBeforeTokenAcquisitionForOnBehalfOf` to construct `ClaimsPrincipal` from token. See [#​3714](https://github.com/AzureAD/microsoft-identity-web/pull/3714).\n- Add a retry counter for acquire token and updated tests with a fake secret. See [#​3682](https://github.com/AzureAD/microsoft-identity-web/pull/3682).\n- Fix OBO user error handling. See [#​3712](https://github.com/AzureAD/microsoft-identity-web/pull/3712).\n- Fix override merging for app token (and others). See [#​3644](https://github.com/AzureAD/microsoft-identity-web/pull/3644).\n- Fix certificate reload logic to only trigger on certificate-specific errors. See [#​3653](https://github.com/AzureAD/microsoft-identity-web/pull/3653).\n- Update ROPC flow CCA to pass `SendX5C` to MSAL. See [#​3671](https://github.com/AzureAD/microsoft-identity-web/pull/3671).\n\n### Dependencies updates\n- Bump `qs` in `/tests/DevApps/SidecarAdapter/typescript`. See [#​3725](https://github.com/AzureAD/microsoft-identity-web/pull/3725).\n- Downgrade Microsoft.Extensions.Configuration.Binder to 2.1.0 on .NET Framework. See [#​3730](https://github.com/AzureAD/microsoft-identity-web/pull/3730).\n- Update .NET SDK to 10.0.103 to address DOTNET-Security-10.0 vulnerability. See [#​3726](https://github.com/AzureAD/microsoft-identity-web/pull/3726).\n- Upgrade to Microsoft.Identity.Abstractions 11 for AoT compatibility. See [#​3699](https://github.com/AzureAD/microsoft-identity-web/pull/3699).\n- Update to MSAL 4.81.0. See [#​3665](https://github.com/AzureAD/microsoft-identity-web/pull/3665).\n\n### Documentation\n- Add documentation for auto-generated session key for long-running OBO session. See [#​3729](https://github.com/AzureAD/microsoft-identity-web/pull/3729).\n- Improve the Aspire doc article and skills. 
See [#​3695](https://github.com/AzureAD/microsoft-identity-web/pull/3695).\n- Add an article and agent skill to add Entra ID to an Aspire app. See [#​3689](https://github.com/AzureAD/microsoft-identity-web/pull/3689).\n- Fix misleading comment in `CertificatelessOptions.ManagedIdentityClientId`. See [#​3667](https://github.com/AzureAD/microsoft-identity-web/pull/3667).\n- Add Copilot explore tool functionality. See [#​3694](https://github.com/AzureAD/microsoft-identity-web/pull/3694).\n\n### Fundamentals\n- Remove unnecessary warning suppression. See [#​3715](https://github.com/AzureAD/microsoft-identity-web/pull/3715).\n- Migrate labs to Lab.API 2.x (first pass). See [#​3710](https://github.com/AzureAD/microsoft-identity-web/pull/3710).\n- Update Sidecar E2E test constants. See [#​3693](https://github.com/AzureAD/microsoft-identity-web/pull/3693).\n- Fix intermittent failures in `CertificatesObserverTests`. See [#​3687](https://github.com/AzureAD/microsoft-identity-web/pull/3687).\n- Add validation baseline exclusions. See [#​3684](https://github.com/AzureAD/microsoft-identity-web/pull/3684).\n- Add dSTS integration tests. See [#​3677](https://github.com/AzureAD/microsoft-identity-web/pull/3677).\n- Fix FIC test. See [#​3663](https://github.com/AzureAD/microsoft-identity-web/pull/3663).\n- Update IdentityWeb version, build logic, and validation. See [#​3659](https://github.com/AzureAD/microsoft-identity-web/pull/3659).\n\n## 4.3.0\n\n### New features\n- Added token binding (mTLS PoP) scenario for confidential client (app-only) token acquisition and downstream API calls. See [#​3622](https://github.com/AzureAD/microsoft-identity-web/pull/3622).\n\n### Dependencies updates\n- Bumped **qs** from 6.14.0 to 6.14.1 in /tests/DevApps/SidecarAdapter/typescript. 
See [#​3660](https://github.com/AzureAD/microsoft-identity-web/pull/3660).\n\n### Documentation\n- Modernized Identity Web documentation, which can now be found in [docs](https://github.com/AzureAD/microsoft-identity-web/tree/master/docs). See [#​3566](https://github.com/AzureAD/microsoft-identity-web/pull/3566).\n- Added token binding (mTLS PoP) documentation. See [#​3661](https://github.com/AzureAD/microsoft-identity-web/pull/3661).\n\n## 4.2.0\n\n# What's Changed\n\n## New features\n\n- Added CAE claims support for FIC + Managed Identity. See #​3647 for details.\n- Added AddMicrosoftIdentityMessageHandler extension methods for IHttpClientBuilder. See #​3649 for details.\n\n## Bug fixes\n\n\n- Fixed tenant not being propagated in credential FIC acquisition. See #​3633 for details.\n- Fixed ForAgentIdentity hardcoded 'AzureAd' ConfigurationSection to respect AuthenticationOptionsName. See #​3635 for details.\n- Fixed GetTokenAcquirer to propagate MicrosoftEntraApplicationOptions properties. See #​3651 for details.\n- Added meaningful error message when identity configuration is missing. See #​3637 for details.\n\n## Dependencies updates\n\n- Update Microsoft.Identity.Abstractions to version 10.0.0.\n- Bump express from 5.1.0 to 5.2.0 in /tests/DevApps/SidecarAdapter/typescript. #​3636\n- Bump jws from 3.2.2 to 3.2.3 in /tests/DevApps/SidecarAdapter/typescript. #​3641\n\n## Fundamentals\n\n- Update support policy. #​3656\n- Update agent identity coordinates in E2E tests after deauth. #​3640\n- Update E2E agent identity configuration to new tenant. #​3646\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.1.1...4.2.0\n\n## 4.1.1\n\n### Bug fixes\n- Authority-only configuration parsing improvements: Early parsing of Authority into Instance/TenantId and defensive fallback in PrepareAuthorityInstanceForMsal. 
Behavior is backward compatible; Authority is still ignored when Instance/TenantId explicitly provided—now surfaced via a warning. See [#​3612](https://github.com/AzureAD/microsoft-identity-web/issues/3612).\n\n### New features\n- Added warning diagnostics for conflicting Authority vs Instance/TenantId: Emitting a single structured warning when both styles are provided. See [#​3611](https://github.com/AzureAD/microsoft-identity-web/issues/3611).\n\n### Fundamentals\n- Expanded authority test matrix: Coverage for AAD (v1/v2), B2C (/tfp/ normalization, policy path), CIAM (PreserveAuthority), query parameters, scheme-less forms, and conflict scenarios. See [#​3610](https://github.com/AzureAD/microsoft-identity-web/issues/3610).\n\n## 4.1.0\n\n### New features\n- Migrate to .NET 10 GA. [#​3449](https://github.com/AzureAD/microsoft-identity-web/pull/3449) and [#​3590](https://github.com/AzureAD/microsoft-identity-web/pull/3590)\n\n### Dependencies updates\n- Bump MSAL.NET to version [4.79.2](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/releases/tag/4.79.2) and handle changes to deprecated WithExtraQueryParameters APIs. [#​3583](https://github.com/AzureAD/microsoft-identity-web/pull/3583)\n- Update Microsoft.IdentityModel and Abstractions versions. [#​3604](https://github.com/AzureAD/microsoft-identity-web/pull/3604)\n- Update coverlet.collector to 6.0.4. [#​3587](https://github.com/AzureAD/microsoft-identity-web/pull/3587)\n- Update package validation baseline version to 4.0.0. [#​3589](https://github.com/AzureAD/microsoft-identity-web/pull/3589)\n- Bump js-yaml from 4.1.0 to 4.1.1 in /tests/DevApps/SidecarAdapter/typescript. [#​3595](https://github.com/AzureAD/microsoft-identity-web/pull/3595)\n\n### Entra ID SDK sidecar\n- Restrict hosts to localhost for sidecar. [#​3579](https://github.com/AzureAD/microsoft-identity-web/pull/3579)\n- Update http file to match endpoints. 
[#​3555](https://github.com/AzureAD/microsoft-identity-web/pull/3555)\n- Revise sidecar issue template for Entra ID. [#​3577](https://github.com/AzureAD/microsoft-identity-web/pull/3577)\n\n### Documentation\n- Update README to include Entra SDK container info. [#​3578](https://github.com/AzureAD/microsoft-identity-web/pull/3578)\n\n### Fundamentals\n- Include NET 9.0 in template-install-dependencies. [#​3593](https://github.com/AzureAD/microsoft-identity-web/pull/3593)\n- Fix CodeQL alerts. [#​3591](https://github.com/AzureAD/microsoft-identity-web/pull/3591)\n- Suppression file is needed. [#​3592](https://github.com/AzureAD/microsoft-identity-web/pull/3592)\n\n## 4.0.1\n\n## Bugs fixes\n* Correctly compute Application Key when credential usage fails.\n* Fix bugs where agent user identities didn't work with non-default authentication schemes.\n\n## Fundamentals\n* Update .net version to CG compliance \n\n## Sidecar\n* Configure Sidecar to default AllowWebApiToBeAuthorizedByACL to true as the container doesn't do authZ\n\n\n## 4.0.0\n\n4.0.0\n=========\n### Breaking Changes\n**Removed support for .NET 6.0 and .NET 7.0** - Microsoft Identity Web 4.0.0 no longer targets .NET 6.0 and .NET 7.0, following Microsoft's support lifecycle. The supported target frameworks are now .NET 8.0, .NET 9.0, .NET Framework 4.6.2, .NET Framework 4.7.2, and .NET Standard 2.0.\n\nSee [MIGRATION_GUIDE_V4](https://github.com/AzureAD/microsoft-identity-web/blob/master/MIGRATION_GUIDE_V4.md)\n\n\n### New features\n- Various improvements to performance logging, authentication, and credential loading capabilities.\n- Bumped MSAL.NET to 4.77.1\n- Added credential description extensibility. For details, see [#​3487](https://github.com/AzureAD/microsoft-identity-web/pull/3487)\n- Added a new CerticateObserverAction type: SuccessfullyUsed and support for multiple certificate observers for improved certificate lifecycle management and telemetry. 
See [#​3505](https://github.com/AzureAD/microsoft-identity-web/pull/3505)\n- Add specification of OID (in addition to upn) when requesting an authorization header for Agent User Identity. See [#​3513](https://github.com/AzureAD/microsoft-identity-web/pull/3513)\n- Added ClaimsPrincipal and ClaimsIdentity extension methods for agent identity detection in web APIs enabling developers to easily detect agent identities and retrieve parent agent blueprint from token claims. See [#​3515](https://github.com/AzureAD/microsoft-identity-web/pull/3515)\n- Added MicrosoftIdentityMessageHandler for flexible HttpClient authentication. Provides composable alternative to DownstreamApi with per-request authentication configuration. Supports WWW-Authenticate challenge handling. See [#​3503](https://github.com/AzureAD/microsoft-identity-web/pull/3503)\n- Support for multiple certificate observers. See [#​3506](https://github.com/AzureAD/microsoft-identity-web/pull/3506)\n- The Microsoft.Identity.Web.Sidecar will provide a container solution for validation and token acquisition in any-language. See [#​3524](https://github.com/AzureAD/microsoft-identity-web/pull/3524)\n\n### Bug Fixes\n- Fixed TokenAcquirerFactory null reference when AppContext.BaseDirectory is root path. See [#​3443](https://github.com/AzureAD/microsoft-identity-web/pull/3443)\n- Fixed IDW10405 error when using managed identity with common tenant. See [#​3415](https://github.com/AzureAD/microsoft-identity-web/pull/3415)\n- Removed hard dependency on IConfiguration in OidcIdpSignedAssertionLoader. See [#​3414](https://github.com/AzureAD/microsoft-identity-web/pull/3414)\n\n### Fundamentals\n- Various improvements to .NET support and dependency optimizations.\n- Added doc for Agent identities. See [Agent identities](src/Microsoft.Identity.Web.AgentIdentities/README.AgentIdentities.md)\n- Combined and fixed test collections. 
See [#​3472](https://github.com/AzureAD/microsoft-identity-web/pull/3472)\n- Migrate repository agent rules from .clinerules to agents.md. See [#​3475](https://github.com/AzureAD/microsoft-identity-web/pull/3475)\n- Add .NET 6.x setup step to dotnetcore.yml workflow, as the default build agents don't have it any longer. See [#​3489](https://github.com/AzureAD/microsoft-identity-web/pull/3489)\n- Renamed NET 7 tests to ThreadingTests for framework independence. See [#​3501](https://github.com/AzureAD/microsoft-identity-web/pull/3501)\n\n\n## 3.14.1\n\n3.14.1\n=======\n\n## Bug fix\n-  Support client secrets with agent user identities. See [#​3470](https://github.com/AzureAD/microsoft-identity-web/issues/3470) for details.\n\n\n\n3.14.0\n=======\n## New features\n- Support multi-tenant agent user identities. See [#​3461](https://github.com/AzureAD/microsoft-identity-web/issues/3461) for details.\n- Id Web now allows for passing of ExtraBodyParameters. See [#​3463](https://github.com/AzureAD/microsoft-identity-web/issues/3463) for details.\n\n\n## 3.13.1\n\n3.13.1\n=======\n### Dependencies updates\n- Microsoft.IdentityModel updated to version [8.14.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.14.0).\n\n## 3.13.0\n\n3.13.0\n=======\n### Dependencies updates\n- Microsoft.IdentityModel updated to version [8.13.1](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.13.1).\n- Microsoft.Abstractions updated to version [9.3.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/9.3.) and using IAuthenticationSchemeInformationProvider from that library, deprecating the interface of the same name in Microsoft.Identity.Web (introduced in 3.12.0).\n\n### Bug fixes\n- Fixed an issue with instantiation of TokenAcquirerFactory when AppContext.BaseDirectory is root path. 
See PR [#​3443](https://github.com/AzureAD/microsoft-identity-web/pull/3443) for details.\n\n### Fundamentals\n- Use cloud user in tests. See PR [#​3441](https://github.com/AzureAD/microsoft-identity-web/pull/3441) and [#​3442](https://github.com/AzureAD/microsoft-identity-web/pull/3442) for details.\n\n\n## 3.12.0\n\n3.12.0\n=======\n### Dependencies updates\n- Updated MSAL to version 4.74.1 part of [#​3398](https://github.com/AzureAD/microsoft-identity-web/pull/3435).\n\n## Bug fix\nReload certificates for all client credential based issues to solve the issue that when a bad certificate was installed on the machine and picked up, and subsequently rotated, a service restart was needed for the new certificate to be used. See issue [#​3429](https://github.com/AzureAD/microsoft-identity-web/issues/3429) and PR [#​3430](https://github.com/AzureAD/microsoft-identity-web/pull/3430) \n\n## New features\n* Include the thrown exception in CertificateChangeEventArg. See PR [#​3428](https://github.com/AzureAD/microsoft-identity-web/pull/3428) for better supportability.\n* Support for Agent User identities. See PR [#​3435](https://github.com/AzureAD/microsoft-identity-web/pull/3435)\n\n\n\n\n## 3.11.0\n\n3.11.0\n=======\n### Dependencies updates\n- Updated `global.json` to the latest .NET 9 runtime framework 9.0.108. See PR [#​3422](https://github.com/AzureAD/microsoft-identity-web/pull/3422) for details.\n\n### Bug fixes\n- Fix `IDW10405` error when using managed identity with common tenant. See PR [#​3415](https://github.com/AzureAD/microsoft-identity-web/pull/3415) for details.\n- Fix `OidcIdpSignedAssertionLoader` to remove hard dependency on IConfiguration registration. See PR [#​3414](https://github.com/AzureAD/microsoft-identity-web/pull/3414) for details.\n\n### New feature\n- Add support for `ExtraHeaderParameters` and `ExtraQueryParameters` properties on `DownstreamApiOptions` to simplify adding custom headers and query parameters to downstream API requests. 
See PR [#​3413](https://github.com/AzureAD/microsoft-identity-web/pull/3413) for details.\n- Add better support for Azure SDK. For details see [Readme-Azure](./src/Microsoft.Identity.Web.Azure/README-Azure.md) and PR [#​3416](https://github.com/AzureAD/microsoft-identity-web/pull/3416)\n\n## What's Changed\n* Update Abstractions version and the public API files after 3.10.0 release by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3407\n* Update Directory.Build.props by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3404\n* Fix IDW10405 error when using managed identity with common tenant by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3415\n* Add ExtraHeaderParameters and ExtraQueryParameters support to DownstreamApi by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3413\n* Fix OidcIdpSignedAssertionLoader to remove hard dependency on IConfiguration registration by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3414\n* Update global.json by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3422\n* Improved experience for Azure SDKs with Microsoft Identity Platform authentication by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3416\n* Update 3.11 changelog by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3423\n* update test certs by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3424\n\n## New Contributors\n* @​Copilot made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3415\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.10.0...3.11.0\n\n## 3.10.0\n\n3.10.0\n=======\n### Dependencies updates\n- Updated MSAL to version 4.73.1 ([#​3398](https://github.com/AzureAD/microsoft-identity-web/pull/3398)).\n- Updated `global.json` to the latest .NET 9 runtime framework 9.0.107 
([#​3385](https://github.com/AzureAD/microsoft-identity-web/pull/3385)).\n\n### New feature\n- Added support for Agent Identities ([#​3396](https://github.com/AzureAD/microsoft-identity-web/issues/3396), [#​3402](https://github.com/AzureAD/microsoft-identity-web/pull/3402)).  \n  introducing the `Microsoft.Identity.Web.AgentIdentities` package .\n\n### Bug fixes\n- Processed codeQL issues\n\n### Fundamentals\n- improved unit tests for OidcFic with the new SignedAssertionFmiPath\n\n## 3.9.4\n\n3.9.4\n=======\n### Package updates\n- Microsoft.IdentityModel updated to version [8.12.1](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.12.1).\n\n### Bug fix\n- Updates the `DefaultAuthorizationHeaderProvider` to update the `AcquireTokenOptions.LongRunningWebApiSessionKey` after the token is acquired so that the key can be used in the next OBO call. See PR [#​3381](https://github.com/AzureAD/microsoft-identity-web/pull/3381) for details.\n\n### Fundamentals\n- Update .NET SDK version to 9.0.107 used when building or running the code. See [#​3385](https://github.com/AzureAD/microsoft-identity-web/pull/3385) for details.\n- Improved test coverage for managed identity flows. 
See [#​3350](https://github.com/AzureAD/microsoft-identity-web/pull/3350) for details.\n\n## What's Changed\n* Add Claims and Capability Support to Managed Identity Flows by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3350\n* Adding fix for OBO cache key error in long running OBO with DefaultAuthorizationHeaderProvider by @​trwalke in https://github.com/AzureAD/microsoft-identity-web/pull/3381\n* Update global.json by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3385\n* changelog 3.9.4 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3386\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.9.3...3.9.4\n\n## 3.9.3\n\n3.9.3\n=======\n### Package updates\n- Microsoft.IdentityModel updated to version [8.12.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.12.0).\n\n### Fundamentals\n- Add `.clinerules` to help with AI tooling.\n- **Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0**  Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added).  
For details see [#​3379](https://github.com/AzureAD/microsoft-identity-web/pull/3379)\n\n## What's Changed\n* Update M.IM 8.11 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3373\n* add ai assist rules by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3376\n* Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3379\n* changelog 3.9.3 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3380\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.9.2...3.9.3\n\n## 3.9.2\n\n3.9.2\n=======\n### Package updates\n- Microsoft.IdentityModel updated to version [8.11.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.11.0).\n- MSAL.NET updated to version [MSAL.NET 4.72.1](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/tag/4.72.1).\n\n### Fundamentals:\n- Fix invalid comparisons in prop and csproj files. For details see [#​3297](https://github.com/AzureAD/microsoft-identity-web/pull/3297).\n\n## What's Changed\n* Release notes and cleanup by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3367\n* Remove invalid comparisons by @​keegan-caruso in https://github.com/AzureAD/microsoft-identity-web/pull/3368\n* update to MSAL 4.72.1 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3369\n* update 3.9.2 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3372\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.9.1...3.9.2\n\n## 3.9.1\n\n3.9.1\n========\n### Package updates\n- Microsoft.Identity.Abstractions updated to version [9.1.0](https://github.com/AzureAD/azure-identity-abstractions/releases/tag/9.1.0).\n\n### Fundamentals\n- Fix AoT warnings. 
For details see [#​3366](https://github.com/AzureAD/microsoft-identity-web/pull/3366).\n\n## What's Changed\n* Fix AoT warnings (and update to Abstractions 9.1.0) by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3366\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.9.0...3.9.1\n\n## 3.9.0\n\n3.9.0\n========\n### Package updates\n- Microsoft.IdentityModel updated to version [8.10.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.10.0).\n- MSAL.NET updated to version [MSAL.NET 4.72.0](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/tag/4.72.0).\n\n### Bug fixes\n- Fixed issue where RequiredScopeOrAppPermission extension method didn’t work with Minimal APIs. See [#​3323](https://github.com/AzureAD/microsoft-identity-web/issues/3323).\n- Resolved IL warnings from AddDownstreamApis in NativeAOT projects. See [#​3355](https://github.com/AzureAD/microsoft-identity-web/issues/3360).\n- Ensured AcquireTokenForConfidentialClient correctly passes MSAL exceptions. See [#​3345](https://github.com/AzureAD/microsoft-identity-web/issues/3345).\n- Prevented null reference when accessing MergedOptions instance. See [#​3337](https://github.com/AzureAD/microsoft-identity-web/issues/3337).\n\n### New feature\n - Added optional login_hint and domain_hint support to AccountController.SignIn endpoint. See [#​3244](https://github.com/AzureAD/microsoft-identity-web/issues/3244) and [#​3348](https://github.com/AzureAD/microsoft-identity-web/pull/3348/files).\n\n### Fundamentals\n- Introduced Long-Term Support (LTS) policy. See [#​3357](https://github.com/AzureAD/microsoft-identity-web/commit/b6ff65bb4f49289c914100c3a382fa16da2b5508).\n- Added tests to validate xms_cc (client capability) forwarding in CCA flows. 
See [#​3349](https://github.com/AzureAD/microsoft-identity-web/issues/3349).\n\n### External contributions\nThank you @​evan-buss for your contribution and fixing the issue where RequiredScopeOrAppPermission extension method didn’t work with Minimal APIs. See [#​3323](https://github.com/AzureAD/microsoft-identity-web/issues/3323).\nThank you @​neha-bhargava for your contribution and ensuring AcquireTokenForConfidentialClient correctly passes MSAL exceptions. See [#​3345](https://github.com/AzureAD/microsoft-identity-web/issues/3345).\n\n## 3.8.4\n\n3.8.4\n========\n### Package updates\n- Microsoft.IdentityModel updated to version [8.8.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.8.0).\n- MSAL.NET updated to version [MSAL.NET 4.71.0](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/tag/4.71.0).\n\n### Bug fixes\n- Fixed the issue where FmiPath was not persisted when copying/reinitializing AcquireTokenOptions. See [#​3336](https://github.com/AzureAD/microsoft-identity-web/issues/3336).\n\n### New feature\n- Added support for Linux-friendly devcontainers. See [#​3333](https://github.com/AzureAD/microsoft-identity-web/issues/3333) and [#​3339](https://github.com/AzureAD/microsoft-identity-web/pull/3339).\n\n### Fundamentals\n- Removed System.Text.Json as an explicit dependency for .NET Core targets. See [#​3331](https://github.com/AzureAD/microsoft-identity-web/issues/3331).\n\n## 3.8.3\n\n3.8.3\n========\n### Package updates\n- Updated to Microsoft.IdentityModel.* [8.8.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.8.0)\n- Updated to [MSAL.NET 4.70.1](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/tag/4.70.1)\n  \n### New feature\n- `TokenAcquistion.cs` adds its service provider to the acquisition options. 
See issue [#​3315](https://github.com/AzureAD/microsoft-identity-web/issues/3315) for details.\n\n\n## 3.8.2\n\n3.8.2\n========\n- Updated to Microsoft.Identity.Abstractions [9.0.0](https://github.com/AzureAD/microsoft-identity-abstractions-for-dotnet/releases/tag/9.0.0)\n\n### New feature\n- An exception is now thrown if MSAL `TokenCacheNotificationArgs` indicates that distributed cache is configured when it should not have been. See [#​3304](https://github.com/AzureAD/microsoft-identity-web/issues/3304).\n- Added support for federated identity credentials with AT_POP. See [#​3299](https://github.com/AzureAD/microsoft-identity-web/pull/3299).\n\n## 3.8.1\n\n### New features\n- Updated to Microsoft.IdentityModel.* [8.7.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.7.0)\n\n### Bug fixes\n- Pins Microsoft.Extensions.Http dependency version to 3.1.3 for .NET Framework and .NET Standard and uses inbox version for .NET Core. See [#​3145](https://github.com/AzureAD/microsoft-identity-web/issues/3145).\n\n## What's Changed\n* Post release cleanup by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3291\n* update MIM by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3292\n* Updates CodeQL.yaml to exclude test files by @​sruke in https://github.com/AzureAD/microsoft-identity-web/pull/3294\n* Make Microsoft.Extensions.Http dependency framework friendly by @​ksaaf in https://github.com/AzureAD/microsoft-identity-web/pull/3296\n* Update to IdentityModel 8.7.0 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3307\n\n## New Contributors\n* @​ksaaf made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3296\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.8.0...3.8.1\n\n## 3.8.0\n\n3.8.0\n========\n### New feature\n- Updated to Microsoft.IdentityModel.* 
[8.6.1](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.6.1)\n- Updated to [MSAL.NET](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet) 4.69.1\n- Updated the Json Schema to include extensibility for signed assertion providers. See [#​3235](https://github.com/AzureAD/microsoft-identity-web/pull/3235)\n- Added support for Federation Identity Credential on any OIDC Idp (FIC+OIDC credential provider). See [#​3255](https://github.com/AzureAD/microsoft-identity-web/pull/3255)\n- Support for acquiring token for Federation Managed Identity (FMI). Supports the `FmiPath` property of `AcquireTokenOptions`. See [#​3247](https://github.com/AzureAD/microsoft-identity-web/issues/3247)\n- Downstream APIs now support Authorization headers with a custom SAML bearer syntax. See [#​3273](https://github.com/AzureAD/microsoft-identity-web/pull/3273)\n\n## Bug fixes\n- TokenAcquirerFactory is now thread safe. See [#​3274](https://github.com/AzureAD/microsoft-identity-web/pull/3274)\n- Fix a bug in the parsing of the token in the authority. See [#​3261](https://github.com/AzureAD/microsoft-identity-web/pull/3261)\n\n## Fundamentals\n- Removed old Blazorwasm sample, wasm-tools and added new blazor web API: [#​3259](https://github.com/AzureAD/microsoft-identity-web/pull/3259), [#​3257](https://github.com/AzureAD/microsoft-identity-web/pull/3257), [#​3254](https://github.com/AzureAD/microsoft-identity-web/pull/3254)\n- Modified the build so that, in CI/CD internal builds, the NuGet.org NuGet source is replaced by a managed Nuget source. More verbose information added. See [#​3263](https://github.com/AzureAD/microsoft-identity-web/pull/3263)\n- Fixed CS8602 Warnings in Weather.razor (BlazorApp) – Handle Nullable forecasts and user.Identity. 
See [#​3266](https://github.com/AzureAD/microsoft-identity-web/pull/3266),\n\n## What's Changed\n* Update changelog.md by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3246\n* Lozensky/add fmi path by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3247\n* Lozensky/perf fix graph service client by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3251\n* M.IM 8.6.0 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3252\n* Jennyf/blazor prototype by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3254\n* remove old blazor apps by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3257\n* Remove step for installing wasm-tools in the build by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3259\n* Fix for Remove NuGet Source steps (now with enhanced logging) by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3263\n* Add CustomSignedAssertion to Credentials.json by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3235\n* Fix CS8602 Warnings in Weather.razor (BlazorApp) – Handle Nullable forecasts and user.Identity by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3266\n* Add Support for Custom Saml Bearer in HttpRequest Headers by @​sthanu98 in https://github.com/AzureAD/microsoft-identity-web/pull/3273\n* comment out the code coverage by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3279\n* update msal to 4.69.1 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3281\n* FIC+OIDC credential provider by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3255\n* Update the IdWeb version number by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3280\n* Locking Down the TokenAcquirerFactory by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3274\n* 
Fix authority parsing logic by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3261\n* Update changelog.md for Id.web 3.8.0 by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3285\n\n## New Contributors\n* @​sthanu98 made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3273\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.7.1...3.8.0\n\n## 3.7.1\n\n3.7.1\n========\n- Updated to Microsoft.IdentityModel.* [8.5.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.5.0)\n\n## 3.7.0\n\n3.7.0\n========\n- Updated to Microsoft.Identity.Abstractions [8.1.0](https://github.com/AzureAD/microsoft-identity-abstractions-for-dotnet/releases/tag/8.1.0)\n- Updated to Microsoft.IdentityModel.* [8.4.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.4.0)\n\n### New Feature\n- IdentityWeb now provides extensibility to `DefaultCredentialsLoader` so that partner teams, or an SDK on top of IdWeb, can bring their own credential providers. See [#​3220](https://github.com/AzureAD/microsoft-identity-web/issues/3220) for details.\n\n## Bug fixes\n- The merged options are now being passed to MSAL for the CCA ROPC scenario. 
See [#​3207](https://github.com/AzureAD/microsoft-identity-web/issues/3207) for details.\n\n## What's Changed\n* changelog update by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3216\n* Pass the assertion options to MSAL for ROPC call by @​neha-bhargava in https://github.com/AzureAD/microsoft-identity-web/pull/3217\n* Update global.json to 9.0.102 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3222\n* Bump the notsecurity group with 3 updates by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3219\n* update abstractions to 8.1.0 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3224\n* update benchmark by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3229\n* Adding Extensibility for Custom Signed Assertion Providers by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3226\n* Update changelog.md 3.7.0 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3233\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.6.2...3.7.0\n\n## 3.6.2\n\n3.6.2\n========\n- Updated to Microsoft.Identity.Abstractions [8.0.0](https://github.com/AzureAD/microsoft-identity-abstractions-for-dotnet/releases/tag/8.0.0)\n\n## Fundamentals\n- Clean-up the tests that were using properties removed in Abstractions 8.0.0. 
See issue [#​3212](https://github.com/AzureAD/microsoft-identity-web/issues/3212) for details.\n\n## What's Changed\n* Bump the notsecurity group across 1 directory with 3 updates by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3211\n* Suppress TFM Build Warnings by @​kllysng in https://github.com/AzureAD/microsoft-identity-web/pull/3210\n* Fixing 3212 and cleaning-up technical debt by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3213\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.6.1...3.6.2\n\n## 3.6.1\n\n3.6.1\n========\n- Updated to Microsoft.Identity.Abstractions [7.2.1](https://github.com/AzureAD/microsoft-identity-abstractions-for-dotnet/releases/tag/7.2.1)\n\n## 3.6.0\n\n3.6.0\n========\n- Updated to Microsoft.IdentityModel.* 8.3.1\n- Updated to [MSAL.NET](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet) 4.67.2\n\n## Bug fixes\n- Checks that B2C tokens don't contain the claims used by Identity Web to represent the home tenant and object ID (obtained from the UserInfo endpoint). See https://github.com/AzureAD/microsoft-identity-web/pull/3131\n- Remove explicit locking in `OpenIdConnectCachingSecurityTokenProvider`. See Issue [#​3078](https://github.com/AzureAD/microsoft-identity-web/issues/3078)\n\n\n## Fundamentals\n- Fix Null Reference Exception in OwinTokenAcquirerFactory + other OWIN cleanup. See https://github.com/AzureAD/microsoft-identity-web/pull/3183\n- Re-add code coverage comments \u0026 scope to src files. 
See https://github.com/AzureAD/microsoft-identity-web/issues/3177\n\n## What's Changed\n* Update changelog.md by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3161\n* Update global.json by @​keegan-caruso in https://github.com/AzureAD/microsoft-identity-web/pull/3163\n* Use ExtraQP to inject telemetry SDK ID by @​bgavrilMS in https://github.com/AzureAD/microsoft-identity-web/pull/2973\n* Fix 3167 (package downgrade when referencing IdentityModel.Tokens from dev) by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3168\n* Add Warning Quality Check Build Task 🔨 by @​kllysng in https://github.com/AzureAD/microsoft-identity-web/pull/3169\n* Treat warnings as errors by @​keegan-caruso in https://github.com/AzureAD/microsoft-identity-web/pull/3166\n* Revert: Warning Quality Check Build Task by @​alexholub113 in https://github.com/AzureAD/microsoft-identity-web/pull/3172\n* fix warnings in idweb and readd warnings as errors by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3173\n* Add checks to protect the internal claims used by MIW. 
Ref: issue #​2968 by @​DOMZE in https://github.com/AzureAD/microsoft-identity-web/pull/3131\n* use only src files and re-add comments by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3176\n* Update dotnet actions by @​sebastienros in https://github.com/AzureAD/microsoft-identity-web/pull/3175\n* - Fixes 3181 by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3183\n* Add retry logic to stabilize flaky UI tests by @​kllysng in https://github.com/AzureAD/microsoft-identity-web/pull/3180\n* Add null handling for process output/error data in UiTestHelpers by @​kllysng in https://github.com/AzureAD/microsoft-identity-web/pull/3184\n* package updates from dependabot by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3185\n* Fix E2E tests persistent flakiness + build hanging by @​kllysng in https://github.com/AzureAD/microsoft-identity-web/pull/3188\n* Revert WaitForProcess in UI Tests by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3189\n* Update to use MSAL 4.67.1 by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3193\n* Update to use MSAL 4.67.2 by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3200\n* Remove explicit locking in OpenIdConnectCachingSecurityTokenProvider by @​keegan-caruso in https://github.com/AzureAD/microsoft-identity-web/pull/3202\n* 3.6.0 changelog by @​kllysng in https://github.com/AzureAD/microsoft-identity-web/pull/3203\n\n## New Contributors\n* @​DOMZE made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3131\n* @​sebastienros made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3175\n* @​gladjohn made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3193\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.5.0...3.6.0\n\n## 3.5.0\n\n## Bug fixes\n* Ensure Singleton registration for 
TokenAcquisition Services when TokenAcquirerFactory is null. See https://github.com/AzureAD/microsoft-identity-web/pull/3155\n* Dont modify the merged options when building the confidential client. See https://github.com/AzureAD/microsoft-identity-web/pull/3137\n\n## Fundamentals\n* Install all .NET versions in pipeline, including .NET 9. See https://github.com/AzureAD/microsoft-identity-web/pull/3152\n* Upgrade to C# 13. See https://github.com/AzureAD/microsoft-identity-web/pull/3138\n* Specify sdk version in global.json. See https://github.com/AzureAD/microsoft-identity-web/pull/3156\n* Disable Coverage PR comments. See in https://github.com/AzureAD/microsoft-identity-web/pull/3159\n\n## What's Changed\n* Install all .NET versions in pipeline to fix run tests task by @​msbw2 in https://github.com/AzureAD/microsoft-identity-web/pull/3152\n* Upgrade to C# 13 by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3138\n* Specify sdk version in global.json by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3156\n* Ensure Singleton registration for TokenAcquisition Services when TokenAcquirerFactory is null by @​sruke in https://github.com/AzureAD/microsoft-identity-web/pull/3155\n* Disable Coverage PR comments by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3159\n* Dont modify the merged options when building the confidential client by @​keegan-caruso in https://github.com/AzureAD/microsoft-identity-web/pull/3137\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.4.0...3.5.0\n\n## 3.4.0\n\n3.4.0\n========\n- Updated to Microsoft.IdentityModel.* 8.2.1\n- Updated to Microsoft.Identity.Abstractions 7.2.0\n\n### New features\n- Add ROPC flow support for confidential client applications. 
See [3091](https://github.com/AzureAD/microsoft-identity-web/issues/3091), [3129](https://github.com/AzureAD/microsoft-identity-web/issues/3129), [3139](https://github.com/AzureAD/microsoft-identity-web/issues/3139).\n- Allow multi-tenant applications to specify the AppHomeTenantId to be used for client credentials. See [3121](https://github.com/AzureAD/microsoft-identity-web/issues/3121), [3132](https://github.com/AzureAD/microsoft-identity-web/pull/3132).\n- Update to use .NET 9 GA. See [3127](https://github.com/AzureAD/microsoft-identity-web/issues/3127).\n\n## What's Changed\n* Add API and make ROPC call by @​neha-bhargava in https://github.com/AzureAD/microsoft-identity-web/pull/3103\n* Fixing the ROPC test that broke the build by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3133\n* Use AppHomeTenantId for acquiring app token when TenantId is not tenant by @​msbw2 in https://github.com/AzureAD/microsoft-identity-web/pull/3132\n* Add extensibility to update parameters for ROPC flow by @​neha-bhargava in https://github.com/AzureAD/microsoft-identity-web/pull/3130\n* Declare ROPC extensions in net 9 API by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3136\n* update dependencies to .net 9 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3141\n* Update the extensibility to add user by @​neha-bhargava in https://github.com/AzureAD/microsoft-identity-web/pull/3140\n* Update to .NET 9 GA. Update some test dependencies. by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3134\n* update playwright and remove net9.0 for UI tests by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3148\n* Update changelog 3.4.0. 
by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3149\n* update wilson post-release by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3150\n\n## New Contributors\n* @​neha-bhargava made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3103\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.3.1...3.4.0\n\n## 3.3.1\n\n3.3.1\n========\n- Updated to Microsoft.IdentityModel.* 8.2.0\n\n### Supportability\n- Added JSON schema support for Microsoft.Identity.Web configuration. This allows for schema validation in the `appsettings.json`, improving configuration accuracy and developer experience. To use it, add the following at the top of your appsettings.json:\n`\"$schema\": \"https://github.com/AzureAD/microsoft-identity-web/blob/master/JsonSchemas/microsoft-identity-web.json\"`\nThis update enhances the configuration process by providing clear structure and validation for settings used in Microsoft.Identity.Web. See PR [#​3119](https://github.com/AzureAD/microsoft-identity-web/pull/3119) for details.\n\n### Fundamentals\n- Fix a flaky test in the L1L2Cache tests. 
See PR [#​3122](https://github.com/AzureAD/microsoft-identity-web/pull/3122) for details.\n\n## What's Changed\n* Update changelog.md to fix release 3.2.2 which had a breaking change by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3116\n* Bump the notsecurity group with 19 updates by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3115\n* Adding a json schema for Microsoft.Identity.Web configuration by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3119\n* Fixed flaky tests by @​alexholub113 in https://github.com/AzureAD/microsoft-identity-web/pull/3122\n* Update changelog.md 3.3.1 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3123\n* Add Ask Mode Change Template by @​kellyyangsong in https://github.com/AzureAD/microsoft-identity-web/pull/3110\n\n## New Contributors\n* @​alexholub113 made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3122\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.3.0...3.3.1\n\n## 3.3.0\n\n3.3.0\n========\n- Updated to Microsoft.Identity.Client 4.66.0\n- Update system.Text.Json to 8.0.5 CVE-2024-43485\n- Updated to .NET 9 RC2\n \n### New features\n- Microsoft.Identity.Web token acquisition now provides an extensibility mechanism to enlight non-standard features. For details, see [#​2975](https://github.com/AzureAD/microsoft-identity-web/issues/2975)\n\n### Fundamentals\n- Split DownstreamApi methods between AoT compatible and incompatible methods by @​SaurabhMSFT in https://github.com/AzureAD/microsoft-identity-web/pull/3090\n- ASP.NET Core (and other) cross-link updates by @​guardrex in https://github.com/AzureAD/microsoft-identity-web/pull/3096. Thank you!\n- Onboarded to Threading Analyzers. 
For details, see [#​3052](https://github.com/AzureAD/microsoft-identity-web/issues/3052)\n- display code coverage as PR comments\n- Fix flaky EncryptionTestAsync on .NET 9.\n\n## What's Changed\n* Bump System.Text.Json from 8.0.4 to 8.0.5 in /tools/ConfigureGeneratedApplications by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3069\n* Bump Microsoft.Identity.Web.DownstreamApi, Microsoft.Extensions.Logging.Abstractions, System.Text.Json, System.Text.Encodings.Web, Microsoft.AspNetCore.DataProtection, System.Security.Cryptography.Xml, Microsoft.Extensions.Caching.Memory, Microsoft.Extensions.Logging, Microsoft.Extensions.DependencyInjection, System.Formats.Asn1, System.Security.Cryptography.Pkcs, Microsoft.Extensions.Configuration.Binder, Microsoft.Extensions.Configuration.EnvironmentVariables, Microsoft.Extensions.Configuration and Microsoft.Extensions.Options.ConfigurationExtensions by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3073\n* Bump Microsoft.Identity.Web.MicrosoftGraph, Microsoft.Extensions.Logging.Abstractions, System.Text.Json, System.Text.Encodings.Web, Microsoft.AspNetCore.DataProtection, System.Security.Cryptography.Xml, Microsoft.Extensions.Caching.Memory, Microsoft.Extensions.Logging, Microsoft.Extensions.DependencyInjection, System.Formats.Asn1, System.Security.Cryptography.Pkcs, Microsoft.Extensions.Configuration.Binder, Microsoft.Extensions.Configuration.EnvironmentVariables, Microsoft.Extensions.Configuration and Microsoft.Extensions.Options.ConfigurationExtensions by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3072\n* Bump Microsoft.Identity.Web, Microsoft.Extensions.Logging.Abstractions, System.Text.Json, System.Text.Encodings.Web, Microsoft.AspNetCore.DataProtection, System.Security.Cryptography.Xml, Microsoft.Extensions.Caching.Memory, Microsoft.Extensions.Logging, Microsoft.Extensions.DependencyInjection, System.Formats.Asn1, System.Security.Cryptography.Pkcs, 
Microsoft.Extensions.Configuration.Binder, Microsoft.Extensions.Configuration.EnvironmentVariables, Microsoft.Extensions.Configuration, Microsoft.Extensions.Configuration.Json, Microsoft.Extensions.Options.ConfigurationExtensions and Microsoft.Extensions.Hosting by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3070\n* update system.Text.Json to 8.0.5 CVE-2024-43485 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3074\n* another update by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3075\n* Onboard Id Web to Threading Analyzers by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3041\n* Update .NET 9 to RC 2 by @​msbw2 in https://github.com/AzureAD/microsoft-identity-web/pull/3082\n* Align editor config with other libraries by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3079\n* Fix reflection in MemoryCache tests to support both versions seen in .NET 9 RCs by @​msbw2 in https://github.com/AzureAD/microsoft-identity-web/pull/3085\n* Use nuget config file by @​SaurabhMSFT in https://github.com/AzureAD/microsoft-identity-web/pull/3083\n* Fix EncryptionTestAsync on .NET 9 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3088\n* Update GitHub Action to run unit tests by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3089\n* Update template-install-dependencies.yaml by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3092\n* Fix DevEx and IDDP builds by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3093\n* Mark IdWeb APIs as shipped by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3086\n* Update version by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3094\n* Split aot compatible and incompatible methods by @​SaurabhMSFT in https://github.com/AzureAD/microsoft-identity-web/pull/3090\n* ASP.NET Core (and other) cross-link 
updates by @​guardrex in https://github.com/AzureAD/microsoft-identity-web/pull/3096\n* update to MSAL 4.66 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3095\n* Remove swagger dependencies by @​msbw2 in https://github.com/AzureAD/microsoft-identity-web/pull/3099\n* Upgrade versions by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3098\n* Upgrading MSAL version by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3104\n* Grouping Dependabot Updates by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3105\n* Microsoft.Identity.Web token acquisition extensions by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3005\n* display code coverage as PR comments by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3107\n* Use Nuget config file by @​SaurabhMSFT in https://github.com/AzureAD/microsoft-identity-web/pull/3112\n* Update changelog.md for 3.3.0 by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3113\n\n## New Contributors\n* @​guardrex made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3096\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.2.2...3.3.0\n\n## 3.2.2\n\n3.2.2\n=========\n- Updated to Microsoft.IdentityModel.* 8.1.2\n\n## 3.2.1\n\n3.2.1\n=========\n- Updated to Microsoft.IdentityModel.* 8.1.1\n\n## What's Changed\n* update id web after releases by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3035\n* update net 9 version to rc 1 in build script by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3036\n* add disable discover enumeration = true for theory tests by @​kellyyangsong in https://github.com/AzureAD/microsoft-identity-web/pull/3042\n* Bump Microsoft.Identity.Client from 4.64.1 to 4.65.0 by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3040\n* Removed 
ConfigureAwait(false) from flaky tests by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3045\n* removed ConfigureAwait(false) from all tests by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3051\n* 3.2.1 Changelog by @​kellyyangsong in https://github.com/AzureAD/microsoft-identity-web/pull/3054\n* update xunit versions by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3053\n* IdentityModel 8.1.1 update by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3056\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.2.0...3.2.1\n\n## 3.2.0\n\n3.2.0\n=========\n- Updated to Microsoft.Identity.Abstractions 7.1.0\n- Updated to Microsoft.IdentityModel.* 8.1.0\n- Updated to Microsoft.Identity.Client 4.64.1\n \n### New features\n- In .NET 8 and above, `IDownstreamApi` overloads take a `JsonTypeInfo\u003cT\u003e` parameter to enable source generated JSON deserialization. See issue [#​2930](https://github.com/AzureAD/microsoft-identity-web/issues/2930) for details.\n\n### Bug fixes:\n- Azure region is used while creating application keys when the TokenAcquisition service caches application objects, and the TokenAcquirerFactory caches TokenAcquirer. See [#​3002](https://github.com/AzureAD/microsoft-identity-web/pull/3002) for details.\n- Improved error messages for FIC. See issue [#​3000](https://github.com/AzureAD/microsoft-identity-web/issues/3000) for details.\n\n### Fundamentals:\n- Improved test coverage for `GetCacheKey`. See PR [#​3020](https://github.com/AzureAD/microsoft-identity-web/pull/3020) for details.\n- Update to .NET 9-RC1. See issue [#​3025](https://github.com/AzureAD/microsoft-identity-web/issues/3025) for details.\n- Fix static analysis warnings. 
See PR [#​3024](https://github.com/AzureAD/microsoft-identity-web/pull/3024) for details.\n\n\n## 3.1.0\n\n3.1.0\n=========\n- Updated to Microsoft.IdentityModel.* 8.0.2\n\n### Security improvement:\n- Id Web now uses `CaseSensitiveClaimsIdentity` by default and provides AppContextSwitches to fall back to using `ClaimsIdentity`. This means that when you look up claims with FindFirst(), FindAll() and HasClaim(), you need to provide the right casing for the claim. See PR [#​2977](https://github.com/AzureAD/microsoft-identity-web/pull/2977) for details.\n\n### Bug fixes:\n- For SN/I scenarios, Id Web's `GetTokenAcquirer` now sets `SendX5C` in particular protocols. See issue [#​2887](https://github.com/AzureAD/microsoft-identity-web/issues/2887) for details.\n- Fix for Instance/Tenant parsing for V2 authority (affected one Entra External IDs scenario). See PR [#​2954](https://github.com/AzureAD/microsoft-identity-web/issues/2954) for details.\n- Fix regex that threw a format exception: `The input string \" was not in a correct format` when enabling *same-site cookie compatibility* with userAgent: \"Dalvik/2.1.0 (Linux; U; Android 12; Chromecast Build/STTE.230319.008.H1). See issue [#​2879](https://github.com/AzureAD/microsoft-identity-web/issues/2879) for details.\n- Microsoft.Identity.Web 3.1.0 now has an upper bound set on its dependency on Microsoft.Identity.Abstractions to version 7x to avoid referencing Microsoft.Identity.Abstractions 8.0.0, which has an interface breaking change, not yet implemented in Microsoft.Identity.Web. 
See PR [#​2962](https://github.com/AzureAD/microsoft-identity-web/pull/2962) for details.\n  \n### Fundamentals:\n- Fix flakey tests: [#​2972](https://github.com/AzureAD/microsoft-identity-web/pull/2972), [#​2984](https://github.com/AzureAD/microsoft-identity-web/pull/2984), [#​2982](https://github.com/AzureAD/microsoft-identity-web/issues/2982), \n- Update to `AzureKeyVault@​2` in AzureDevOps, [#​2981](https://github.com/AzureAD/microsoft-identity-web/pull/2981).\n- Update to .NET 9-preview7, [#​2980](https://github.com/AzureA....\n\n_Description has been truncated_","html_url":"https://github.com/ITU-BDSA23-GROUP22/Chirp/pull/122","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ITU-BDSA23-GROUP22%2FChirp/issues/122","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/122/packages"}},{"old_version":"2.15.3","new_version":"4.7.0","update_type":"major","path":null,"pr_created_at":"2026-04-20T05:16:28.000Z","version_change":"2.15.3 → 4.7.0","issue":{"uuid":"4293260254","node_id":"PR_kwDOKPjTy87T0vxW","number":110,"state":"closed","title":"Bump Microsoft.Identity.Web from 2.15.3 to 4.7.0","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-20T05:16:52.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-20T05:16:28.000Z","updated_at":"2026-04-20T05:16:54.000Z","time_to_close":24,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.Identity.Web","old_version":"2.15.3","new_version":"4.7.0","repository_url":"https://github.com/AzureAD/microsoft-identity-web"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web) from 2.15.3 to 4.7.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.Identity.Web's 
releases](https://github.com/AzureAD/microsoft-identity-web/releases)._\n\n## 4.7.0\n\n## 4.7.0\n\n### Bug fixes\n- Updates to Microsoft.Identity.Abstractions 12.0.0 to revert breaking changes introduced in Abstractions 11.0.0. (On .NET 10 target, `Certificate` extension method in `CredentialDescription` was reverted to normal property.) See [#​3767](https://github.com/AzureAD/microsoft-identity-web/pull/3767).\n\n## 4.6.0\n\n## What's Changed\n\n* Move boilerplate code skills to IdWeb, and add Aspire DevApp demonstrating Blazor authentication components by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3721\n* Bump MSAL to 4.83.1 and re-enable Managed Identity CAE tests by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3746\n* Bump Abstractions to 11.2 by @​bgavrilMS in https://github.com/AzureAD/microsoft-identity-web/pull/3749\n* Update documentation to reference Blazor helpers from Microsoft.Identity.Web package by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3723\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.5.0...4.6.0\n\n## 4.5.0\n\n### New features\n- Add support for certificate store lookup by subject name. See [#​3742](https://github.com/AzureAD/microsoft-identity-web/pull/3742).\n\n### Dependencies updates\n- Bump minimatch in /tests/DevApps/SidecarAdapter/typescript. See [#​3739](https://github.com/AzureAD/microsoft-identity-web/pull/3739).\n- Bump rollup from 4.52.3 to 4.59.0 in /tests/DevApps/SidecarAdapter/typescript. See [#​3740](https://github.com/AzureAD/microsoft-identity-web/pull/3740).\n\n## 4.4.0\n\n### New features\n- Add AOT-compatible web API authentication for .NET 10+. See [#​3705](https://github.com/AzureAD/microsoft-identity-web/pull/3705) and [#​3664](https://github.com/AzureAD/microsoft-identity-web/pull/3664).\n- Propagate long-running web API session key back to callers in user token acquisition. 
See [#​3728](https://github.com/AzureAD/microsoft-identity-web/pull/3728).\n- Add OBO event initialization for OBO APIs. See [#​3724](https://github.com/AzureAD/microsoft-identity-web/pull/3724).\n- Add support for calling `WithClientClaims` flow for token acquisition. See [#​3623](https://github.com/AzureAD/microsoft-identity-web/pull/3623).\n- Add `OnBeforeTokenAcquisitionForOnBehalfOf` event. See [#​3680](https://github.com/AzureAD/microsoft-identity-web/pull/3680).\n\n### Bug fixes\n- Throw `InvalidOperationException` with actionable message when a custom credential is not registered. See [#​3626](https://github.com/AzureAD/microsoft-identity-web/pull/3626).\n- Fix event firing for `InvokeOnBeforeTokenAcquisitionForOnBehalfOfAsync`. See [#​3717](https://github.com/AzureAD/microsoft-identity-web/pull/3717).\n- Update `OnBeforeTokenAcquisitionForOnBehalfOf` to construct `ClaimsPrincipal` from token. See [#​3714](https://github.com/AzureAD/microsoft-identity-web/pull/3714).\n- Add a retry counter for acquire token and updated tests with a fake secret. See [#​3682](https://github.com/AzureAD/microsoft-identity-web/pull/3682).\n- Fix OBO user error handling. See [#​3712](https://github.com/AzureAD/microsoft-identity-web/pull/3712).\n- Fix override merging for app token (and others). See [#​3644](https://github.com/AzureAD/microsoft-identity-web/pull/3644).\n- Fix certificate reload logic to only trigger on certificate-specific errors. See [#​3653](https://github.com/AzureAD/microsoft-identity-web/pull/3653).\n- Update ROPC flow CCA to pass `SendX5C` to MSAL. See [#​3671](https://github.com/AzureAD/microsoft-identity-web/pull/3671).\n\n### Dependencies updates\n- Bump `qs` in `/tests/DevApps/SidecarAdapter/typescript`. See [#​3725](https://github.com/AzureAD/microsoft-identity-web/pull/3725).\n- Downgrade Microsoft.Extensions.Configuration.Binder to 2.1.0 on .NET Framework. 
See [#​3730](https://github.com/AzureAD/microsoft-identity-web/pull/3730).\n- Update .NET SDK to 10.0.103 to address DOTNET-Security-10.0 vulnerability. See [#​3726](https://github.com/AzureAD/microsoft-identity-web/pull/3726).\n- Upgrade to Microsoft.Identity.Abstractions 11 for AoT compatibility. See [#​3699](https://github.com/AzureAD/microsoft-identity-web/pull/3699).\n- Update to MSAL 4.81.0. See [#​3665](https://github.com/AzureAD/microsoft-identity-web/pull/3665).\n\n### Documentation\n- Add documentation for auto-generated session key for long-running OBO session. See [#​3729](https://github.com/AzureAD/microsoft-identity-web/pull/3729).\n- Improve the Aspire doc article and skills. See [#​3695](https://github.com/AzureAD/microsoft-identity-web/pull/3695).\n- Add an article and agent skill to add Entra ID to an Aspire app. See [#​3689](https://github.com/AzureAD/microsoft-identity-web/pull/3689).\n- Fix misleading comment in `CertificatelessOptions.ManagedIdentityClientId`. See [#​3667](https://github.com/AzureAD/microsoft-identity-web/pull/3667).\n- Add Copilot explore tool functionality. See [#​3694](https://github.com/AzureAD/microsoft-identity-web/pull/3694).\n\n### Fundamentals\n- Remove unnecessary warning suppression. See [#​3715](https://github.com/AzureAD/microsoft-identity-web/pull/3715).\n- Migrate labs to Lab.API 2.x (first pass). See [#​3710](https://github.com/AzureAD/microsoft-identity-web/pull/3710).\n- Update Sidecar E2E test constants. See [#​3693](https://github.com/AzureAD/microsoft-identity-web/pull/3693).\n- Fix intermittent failures in `CertificatesObserverTests`. See [#​3687](https://github.com/AzureAD/microsoft-identity-web/pull/3687).\n- Add validation baseline exclusions. See [#​3684](https://github.com/AzureAD/microsoft-identity-web/pull/3684).\n- Add dSTS integration tests. See [#​3677](https://github.com/AzureAD/microsoft-identity-web/pull/3677).\n- Fix FIC test. 
See [#​3663](https://github.com/AzureAD/microsoft-identity-web/pull/3663).\n- Update IdentityWeb version, build logic, and validation. See [#​3659](https://github.com/AzureAD/microsoft-identity-web/pull/3659).\n\n### New Contributors\n* @​XiaoxinMS2 made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3677\n* @​RyAuld made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3687\n* @​agocke made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3664\n* @​MZOLN made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3700\n* @​christian-posta made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3644\n* @​4gust made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3682\n* @​rayluo made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3714\n\n## 4.4.0-preview.1\n\n### New features\n- Add AOT-compatible web API authentication for .NET 10+. See [#​3705](https://github.com/AzureAD/microsoft-identity-web/pull/3705) and [#​3664](https://github.com/AzureAD/microsoft-identity-web/pull/3664).\n- Propagate long-running web API session key back to callers in user token acquisition. See [#​3728](https://github.com/AzureAD/microsoft-identity-web/pull/3728).\n- Add OBO event initialization for OBO APIs. See [#​3724](https://github.com/AzureAD/microsoft-identity-web/pull/3724).\n- Add support for calling `WithClientClaims` flow for token acquisition. See [#​3623](https://github.com/AzureAD/microsoft-identity-web/pull/3623).\n- Add `OnBeforeTokenAcquisitionForOnBehalfOf` event. See [#​3680](https://github.com/AzureAD/microsoft-identity-web/pull/3680).\n\n### Bug fixes\n- Throw `InvalidOperationException` with actionable message when a custom credential is not registered. 
See [#​3626](https://github.com/AzureAD/microsoft-identity-web/pull/3626).\n- Fix event firing for `InvokeOnBeforeTokenAcquisitionForOnBehalfOfAsync`. See [#​3717](https://github.com/AzureAD/microsoft-identity-web/pull/3717).\n- Update `OnBeforeTokenAcquisitionForOnBehalfOf` to construct `ClaimsPrincipal` from token. See [#​3714](https://github.com/AzureAD/microsoft-identity-web/pull/3714).\n- Add a retry counter for acquire token and updated tests with a fake secret. See [#​3682](https://github.com/AzureAD/microsoft-identity-web/pull/3682).\n- Fix OBO user error handling. See [#​3712](https://github.com/AzureAD/microsoft-identity-web/pull/3712).\n- Fix override merging for app token (and others). See [#​3644](https://github.com/AzureAD/microsoft-identity-web/pull/3644).\n- Fix certificate reload logic to only trigger on certificate-specific errors. See [#​3653](https://github.com/AzureAD/microsoft-identity-web/pull/3653).\n- Update ROPC flow CCA to pass `SendX5C` to MSAL. See [#​3671](https://github.com/AzureAD/microsoft-identity-web/pull/3671).\n\n### Dependencies updates\n- Bump `qs` in `/tests/DevApps/SidecarAdapter/typescript`. See [#​3725](https://github.com/AzureAD/microsoft-identity-web/pull/3725).\n- Downgrade Microsoft.Extensions.Configuration.Binder to 2.1.0 on .NET Framework. See [#​3730](https://github.com/AzureAD/microsoft-identity-web/pull/3730).\n- Update .NET SDK to 10.0.103 to address DOTNET-Security-10.0 vulnerability. See [#​3726](https://github.com/AzureAD/microsoft-identity-web/pull/3726).\n- Upgrade to Microsoft.Identity.Abstractions 11 for AoT compatibility. See [#​3699](https://github.com/AzureAD/microsoft-identity-web/pull/3699).\n- Update to MSAL 4.81.0. See [#​3665](https://github.com/AzureAD/microsoft-identity-web/pull/3665).\n\n### Documentation\n- Add documentation for auto-generated session key for long-running OBO session. 
See [#​3729](https://github.com/AzureAD/microsoft-identity-web/pull/3729).\n- Improve the Aspire doc article and skills. See [#​3695](https://github.com/AzureAD/microsoft-identity-web/pull/3695).\n- Add an article and agent skill to add Entra ID to an Aspire app. See [#​3689](https://github.com/AzureAD/microsoft-identity-web/pull/3689).\n- Fix misleading comment in `CertificatelessOptions.ManagedIdentityClientId`. See [#​3667](https://github.com/AzureAD/microsoft-identity-web/pull/3667).\n- Add Copilot explore tool functionality. See [#​3694](https://github.com/AzureAD/microsoft-identity-web/pull/3694).\n\n### Fundamentals\n- Remove unnecessary warning suppression. See [#​3715](https://github.com/AzureAD/microsoft-identity-web/pull/3715).\n- Migrate labs to Lab.API 2.x (first pass). See [#​3710](https://github.com/AzureAD/microsoft-identity-web/pull/3710).\n- Update Sidecar E2E test constants. See [#​3693](https://github.com/AzureAD/microsoft-identity-web/pull/3693).\n- Fix intermittent failures in `CertificatesObserverTests`. See [#​3687](https://github.com/AzureAD/microsoft-identity-web/pull/3687).\n- Add validation baseline exclusions. See [#​3684](https://github.com/AzureAD/microsoft-identity-web/pull/3684).\n- Add dSTS integration tests. See [#​3677](https://github.com/AzureAD/microsoft-identity-web/pull/3677).\n- Fix FIC test. See [#​3663](https://github.com/AzureAD/microsoft-identity-web/pull/3663).\n- Update IdentityWeb version, build logic, and validation. See [#​3659](https://github.com/AzureAD/microsoft-identity-web/pull/3659).\n\n## 4.3.0\n\n### New features\n- Added token binding (mTLS PoP) scenario for confidential client (app-only) token acquisition and downstream API calls. See [#​3622](https://github.com/AzureAD/microsoft-identity-web/pull/3622).\n\n### Dependencies updates\n- Bumped **qs** from 6.14.0 to 6.14.1 in /tests/DevApps/SidecarAdapter/typescript. 
See [#​3660](https://github.com/AzureAD/microsoft-identity-web/pull/3660).\n\n### Documentation\n- Modernized Identity Web documentation, which can now be found in [docs](https://github.com/AzureAD/microsoft-identity-web/tree/master/docs). See [#​3566](https://github.com/AzureAD/microsoft-identity-web/pull/3566).\n- Added token binding (mTLS PoP) documentation. See [#​3661](https://github.com/AzureAD/microsoft-identity-web/pull/3661).\n\n## 4.2.0\n\n# What's Changed\n\n## New features\n\n- Added CAE claims support for FIC + Managed Identity. See #​3647 for details.\n- Added AddMicrosoftIdentityMessageHandler extension methods for IHttpClientBuilder. See #​3649 for details.\n\n## Bug fixes\n\n\n- Fixed tenant not being propagated in credential FIC acquisition. See #​3633 for details.\n- Fixed ForAgentIdentity hardcoded 'AzureAd' ConfigurationSection to respect AuthenticationOptionsName. See #​3635 for details.\n- Fixed GetTokenAcquirer to propagate MicrosoftEntraApplicationOptions properties. See #​3651 for details.\n- Added meaningful error message when identity configuration is missing. See #​3637 for details.\n\n## Dependencies updates\n\n- Update Microsoft.Identity.Abstractions to version 10.0.0.\n- Bump express from 5.1.0 to 5.2.0 in /tests/DevApps/SidecarAdapter/typescript. #​3636\n- Bump jws from 3.2.2 to 3.2.3 in /tests/DevApps/SidecarAdapter/typescript. #​3641\n\n## Fundamentals\n\n- Update support policy. #​3656\n- Update agent identity coordinates in E2E tests after deauth. #​3640\n- Update E2E agent identity configuration to new tenant. #​3646\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.1.1...4.2.0\n\n## 4.1.1\n\n### Bug fixes\n- Authority-only configuration parsing improvements: Early parsing of Authority into Instance/TenantId and defensive fallback in PrepareAuthorityInstanceForMsal. 
Behavior is backward compatible; Authority is still ignored when Instance/TenantId explicitly provided—now surfaced via a warning. See [#​3612](https://github.com/AzureAD/microsoft-identity-web/issues/3612).\n\n### New features\n- Added warning diagnostics for conflicting Authority vs Instance/TenantId: Emitting a single structured warning when both styles are provided. See [#​3611](https://github.com/AzureAD/microsoft-identity-web/issues/3611).\n\n### Fundamentals\n- Expanded authority test matrix: Coverage for AAD (v1/v2), B2C (/tfp/ normalization, policy path), CIAM (PreserveAuthority), query parameters, scheme-less forms, and conflict scenarios. See [#​3610](https://github.com/AzureAD/microsoft-identity-web/issues/3610).\n\n## 4.1.0\n\n### New features\n- Migrate to .NET 10 GA. [#​3449](https://github.com/AzureAD/microsoft-identity-web/pull/3449) and [#​3590](https://github.com/AzureAD/microsoft-identity-web/pull/3590)\n\n### Dependencies updates\n- Bump MSAL.NET to version [4.79.2](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/releases/tag/4.79.2) and handle changes to deprecated WithExtraQueryParameters APIs. [#​3583](https://github.com/AzureAD/microsoft-identity-web/pull/3583)\n- Update Microsoft.IdentityModel and Abstractions versions. [#​3604](https://github.com/AzureAD/microsoft-identity-web/pull/3604)\n- Update coverlet.collector to 6.0.4. [#​3587](https://github.com/AzureAD/microsoft-identity-web/pull/3587)\n- Update package validation baseline version to 4.0.0. [#​3589](https://github.com/AzureAD/microsoft-identity-web/pull/3589)\n- Bump js-yaml from 4.1.0 to 4.1.1 in /tests/DevApps/SidecarAdapter/typescript. [#​3595](https://github.com/AzureAD/microsoft-identity-web/pull/3595)\n\n### Entra ID SDK sidecar\n- Restrict hosts to localhost for sidecar. [#​3579](https://github.com/AzureAD/microsoft-identity-web/pull/3579)\n- Update http file to match endpoints. 
[#​3555](https://github.com/AzureAD/microsoft-identity-web/pull/3555)\n- Revise sidecar issue template for Entra ID. [#​3577](https://github.com/AzureAD/microsoft-identity-web/pull/3577)\n\n### Documentation\n- Update README to include Entra SDK container info. [#​3578](https://github.com/AzureAD/microsoft-identity-web/pull/3578)\n\n### Fundamentals\n- Include NET 9.0 in template-install-dependencies. [#​3593](https://github.com/AzureAD/microsoft-identity-web/pull/3593)\n- Fix CodeQL alerts. [#​3591](https://github.com/AzureAD/microsoft-identity-web/pull/3591)\n- Suppression file is needed. [#​3592](https://github.com/AzureAD/microsoft-identity-web/pull/3592)\n\n## 4.0.1\n\n## Bugs fixes\n* Correctly compute Application Key when credential usage fails.\n* Fix bugs where agent user identities didn't work with non-default authentication schemes.\n\n## Fundamentals\n* Update .net version to CG compliance \n\n## Sidecar\n* Configure Sidecar to default AllowWebApiToBeAuthorizedByACL to true as the container doesn't do authZ\n\n\n## 4.0.0\n\n4.0.0\n=========\n### Breaking Changes\n**Removed support for .NET 6.0 and .NET 7.0** - Microsoft Identity Web 4.0.0 no longer targets .NET 6.0 and .NET 7.0, following Microsoft's support lifecycle. The supported target frameworks are now .NET 8.0, .NET 9.0, .NET Framework 4.6.2, .NET Framework 4.7.2, and .NET Standard 2.0.\n\nSee [MIGRATION_GUIDE_V4](https://github.com/AzureAD/microsoft-identity-web/blob/master/MIGRATION_GUIDE_V4.md)\n\n\n### New features\n- Various improvements to performance logging, authentication, and credential loading capabilities.\n- Bumped MSAL.NET to 4.77.1\n- Added credential description extensibility. For details, see [#​3487](https://github.com/AzureAD/microsoft-identity-web/pull/3487)\n- Added a new CerticateObserverAction type: SuccessfullyUsed and support for multiple certificate observers for improved certificate lifecycle management and telemetry. 
See [#​3505](https://github.com/AzureAD/microsoft-identity-web/pull/3505)\n- Add specification of OID (in addition to upn) when requesting an authorization header for Agent User Identity. See [#​3513](https://github.com/AzureAD/microsoft-identity-web/pull/3513)\n- Added ClaimsPrincipal and ClaimsIdentity extension methods for agent identity detection in web APIs enabling developers to easily detect agent identities and retrieve parent agent blueprint from token claims. See [#​3515](https://github.com/AzureAD/microsoft-identity-web/pull/3515)\n- Added MicrosoftIdentityMessageHandler for flexible HttpClient authentication. Provides composable alternative to DownstreamApi with per-request authentication configuration. Supports WWW-Authenticate challenge handling. See [#​3503](https://github.com/AzureAD/microsoft-identity-web/pull/3503)\n- Support for multiple certificate observers. See [#​3506](https://github.com/AzureAD/microsoft-identity-web/pull/3506)\n- The Microsoft.Identity.Web.Sidecar will provide a container solution for validation and token acquisition in any-language. See [#​3524](https://github.com/AzureAD/microsoft-identity-web/pull/3524)\n\n### Bug Fixes\n- Fixed TokenAcquirerFactory null reference when AppContext.BaseDirectory is root path. See [#​3443](https://github.com/AzureAD/microsoft-identity-web/pull/3443)\n- Fixed IDW10405 error when using managed identity with common tenant. See [#​3415](https://github.com/AzureAD/microsoft-identity-web/pull/3415)\n- Removed hard dependency on IConfiguration in OidcIdpSignedAssertionLoader. See [#​3414](https://github.com/AzureAD/microsoft-identity-web/pull/3414)\n\n### Fundamentals\n- Various improvements to .NET support and dependency optimizations.\n- Added doc for Agent identities. See [Agent identities](src/Microsoft.Identity.Web.AgentIdentities/README.AgentIdentities.md)\n- Combined and fixed test collections. 
See [#​3472](https://github.com/AzureAD/microsoft-identity-web/pull/3472)\n- Migrate repository agent rules from .clinerules to agents.md. See [#​3475](https://github.com/AzureAD/microsoft-identity-web/pull/3475)\n- Add .NET 6.x setup step to dotnetcore.yml workflow, as the default build agents don't have it any longer. See [#​3489](https://github.com/AzureAD/microsoft-identity-web/pull/3489)\n- Renamed NET 7 tests to ThreadingTests for framework independence. See [#​3501](https://github.com/AzureAD/microsoft-identity-web/pull/3501)\n\n\n## 3.14.1\n\n3.14.1\n=======\n\n## Bug fix\n- Support client secrets with agent user identities. See [#​3470](https://github.com/AzureAD/microsoft-identity-web/issues/3470) for details.\n\n\n\n3.14.0\n=======\n## New features\n- Support multi-tenant agent user identities. See [#​3461](https://github.com/AzureAD/microsoft-identity-web/issues/3461) for details.\n- Id Web now allows for passing of ExtraBodyParameters. See [#​3463](https://github.com/AzureAD/microsoft-identity-web/issues/3463) for details.\n\n\n## 3.13.1\n\n3.13.1\n=======\n### Dependencies updates\n- Microsoft.IdentityModel updated to version [8.14.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.14.0).\n\n## 3.13.0\n\n3.13.0\n=======\n### Dependencies updates\n- Microsoft.IdentityModel updated to version [8.13.1](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.13.1).\n- Microsoft.Abstractions updated to version [9.3.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/9.3.) and using IAuthenticationSchemeInformationProvider from that library, deprecating the interface of the same name in Microsoft.Identity.Web (introduced in 3.12.0).\n\n### Bug fixes\n- Fixed an issue with instantiation of TokenAcquirerFactory when AppContext.BaseDirectory is root path. 
See PR [#​3443](https://github.com/AzureAD/microsoft-identity-web/pull/3443) for details.\n\n### Fundamentals\n- Use cloud user in tests. See PR [#​3441](https://github.com/AzureAD/microsoft-identity-web/pull/3441) and [#​3442](https://github.com/AzureAD/microsoft-identity-web/pull/3442) for details.\n\n\n## 3.12.0\n\n3.12.0\n=======\n### Dependencies updates\n- Updated MSAL to version 4.74.1 part of [#​3398](https://github.com/AzureAD/microsoft-identity-web/pull/3435).\n\n## Bug fix\nReload certificates for all client credential based issues to solve the issue that when a bad certificate was installed on the machine and picked up, and subsequently rotated, a service restart was needed for the new certificate to be used. See issue [#​3429](https://github.com/AzureAD/microsoft-identity-web/issues/3429) and PR [#​3430](https://github.com/AzureAD/microsoft-identity-web/pull/3430) \n\n## New features\n* Include the thrown exception in CertificateChangeEventArg. See PR [#​3428](https://github.com/AzureAD/microsoft-identity-web/pull/3428) for better supportabiliby.\n* Support for Agent User identities. See PR [#​3435](https://github.com/AzureAD/microsoft-identity-web/pull/3435)\n\n\n\n\n## 3.11.0\n\n3.11.0\n=======\n### Dependencies updates\n- Updated `global.json` to the latest .NET 9 runtime framework 9.0.108. See PR [#​3422](https://github.com/AzureAD/microsoft-identity-web/pull/3422) for details.\n\n### Bug fixes\n- Fix `IDW10405` error when using managed identity with common tenant. See PR [#​3415](https://github.com/AzureAD/microsoft-identity-web/pull/3415) for details.\n- Fix `OidcIdpSignedAssertionLoader` to remove hard dependency on IConfiguration registration. See PR [#​3414](https://github.com/AzureAD/microsoft-identity-web/pull/3414) for details.\n\n### New feature\n- Add support for `ExtraHeaderParameters` and `ExtraQueryParameters` properties on `DownstreamApiOptions` to simplify adding custom headers and query parameters to downstream API requests. 
See PR [#​3413](https://github.com/AzureAD/microsoft-identity-web/pull/3413) for details.\n- Add better support for Azure SDK. For details see [Readme-Azure](./src/Microsoft.Identity.Web.Azure/README-Azure.md) and PR [#​3416](https://github.com/AzureAD/microsoft-identity-web/pull/3416)\n\n## What's Changed\n* Update Abstractions version and the public API files after 3.10.0 release by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3407\n* Update Directory.Build.props by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3404\n* Fix IDW10405 error when using managed identity with common tenant by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3415\n* Add ExtraHeaderParameters and ExtraQueryParameters support to DownstreamApi by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3413\n* Fix OidcIdpSignedAssertionLoader to remove hard dependency on IConfiguration registration by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3414\n* Update global.json by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3422\n* Improved experience for Azure SDKs with Microsoft Identity Platform authentication by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3416\n* Update 3.11 changelog by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3423\n* update test certs by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3424\n\n## New Contributors\n* @​Copilot made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3415\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.10.0...3.11.0\n\n## 3.10.0\n\n3.10.0\n=======\n### Dependencies updates\n- Updated MSAL to version 4.73.1 ([#​3398](https://github.com/AzureAD/microsoft-identity-web/pull/3398)).\n- Updated `global.json` to the latest .NET 9 runtime framework 9.0.107 
([#​3385](https://github.com/AzureAD/microsoft-identity-web/pull/3385)).\n\n### New feature\n- Added support for Agent Identities ([#​3396](https://github.com/AzureAD/microsoft-identity-web/issues/3396), [#​3402](https://github.com/AzureAD/microsoft-identity-web/pull/3402)).  \n  introducing the `Microsoft.Identity.Web.AgentIdentities` package .\n\n### Bug fixes\n- Processed codeQL issues\n\n### Fundamentals\n- improved unit tests for OidcFic with the new SignedAssertionFmiPath\n\n## 3.9.4\n\n3.9.4\n=======\n### Package updates\n- Microsoft.IdentityModel updated to version [8.12.1](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.12.1).\n\n### Bug fix\n- Updates the `DefaultAuthorizationHeaderProvider` to update the `AcquireTokenOptions.LongRunningWebApiSessionKey` after the token is acquired so that the key can be used in the next OBO call. See PR [#​3381](https://github.com/AzureAD/microsoft-identity-web/pull/3381) for details.\n\n### Fundamentals\n- Update .NET SDK version to 9.0.107 used when building or running the code. See [#​3385](https://github.com/AzureAD/microsoft-identity-web/pull/3385) for details.\n- Improved test coverage for managed identity flows. 
See [#​3350](https://github.com/AzureAD/microsoft-identity-web/pull/3350) for details.\n\n## What's Changed\n* Add Claims and Capability Support to Managed Identity Flows by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3350\n* Adding fix for OBO cache key error in long running OBO with DefaultAuthorizationHeaderProvider by @​trwalke in https://github.com/AzureAD/microsoft-identity-web/pull/3381\n* Update global.json by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3385\n* changelog 3.9.4 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3386\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.9.3...3.9.4\n\n## 3.9.3\n\n3.9.3\n=======\n### Package updates\n- Microsoft.IdentityModel updated to version [8.12.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.12.0).\n\n### Fundamentals\n- Add `.clinerules` to help with AI tooling.\n- **Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0**  Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added).  
For details see [#​3379](https://github.com/AzureAD/microsoft-identity-web/pull/3379)\n\n## What's Changed\n* Update M.IM 8.11 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3373\n* add ai assist rules by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3376\n* Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3379\n* changelog 3.9.3 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3380\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.9.2...3.9.3\n\n## 3.9.2\n\n3.9.2\n=======\n### Package updates\n- Microsoft.IdentityModel updated to version [8.11.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.11.0).\n- MSAL.NET updated to version [MSAL.NET 4.72.1](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/tag/4.72.1).\n\n### Fundamentals:\n- Fix invalid comparisons in prop and csproj files. For details see [#​3297](https://github.com/AzureAD/microsoft-identity-web/pull/3297).\n\n## What's Changed\n* Release notes and cleanup by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3367\n* Remove invalid comparisons by @​keegan-caruso in https://github.com/AzureAD/microsoft-identity-web/pull/3368\n* update to MSAL 4.72.1 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3369\n* update 3.9.2 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3372\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.9.1...3.9.2\n\n## 3.9.1\n\n3.9.1\n========\n### Package updates\n- Microsoft.Identity.Abstractions updated to version [9.1.0](https://github.com/AzureAD/azure-identity-abstractions/releases/tag/9.1.0).\n\n### Fundamentals\n- Fix AoT warnings. 
For details see [#​3366](https://github.com/AzureAD/microsoft-identity-web/pull/3366).\n\n## What's Changed\n* Fix AoT warnings (and update to Abstractions 9.1.0) by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3366\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.9.0...3.9.1\n\n## 3.9.0\n\n3.9.0\n========\n### Package updates\n- Microsoft.IdentityModel updated to version [8.10.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.10.0).\n- MSAL.NET updated to version [MSAL.NET 4.72.0](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/tag/4.72.0).\n\n### Bug fixes\n- Fixed issue where RequiredScopeOrAppPermission extension method didn’t work with Minimal APIs. See [#​3323](https://github.com/AzureAD/microsoft-identity-web/issues/3323).\n- Resolved IL warnings from AddDownstreamApis in NativeAOT projects. See [#​3355](https://github.com/AzureAD/microsoft-identity-web/issues/3360).\n- Ensured AcquireTokenForConfidentialClient correctly passes MSAL exceptions. See [#​3345](https://github.com/AzureAD/microsoft-identity-web/issues/3345).\n- Prevented null reference when accessing MergedOptions instance. See [#​3337](https://github.com/AzureAD/microsoft-identity-web/issues/3337).\n\n### New feature\n - Added optional login_hint and domain_hint support to AccountController.SignIn endpoint. See [#​3244](https://github.com/AzureAD/microsoft-identity-web/issues/3244) and [#​3348](https://github.com/AzureAD/microsoft-identity-web/pull/3348/files).\n\n### Fundamentals\n- Introduced Long-Term Support (LTS) policy. See [#​3357](https://github.com/AzureAD/microsoft-identity-web/commit/b6ff65bb4f49289c914100c3a382fa16da2b5508).\n- Added tests to validate xms_cc (client capability) forwarding in CCA flows. 
See [#​3349](https://github.com/AzureAD/microsoft-identity-web/issues/3349).\n\n### External contributions\nThank you @​evan-buss for your contribution and fixing the issue where RequiredScopeOrAppPermission extension method didn’t work with Minimal APIs. See [#​3323](https://github.com/AzureAD/microsoft-identity-web/issues/3323).\nThank you @​neha-bhargava for your contribution and ensuring AcquireTokenForConfidentialClient correctly passes MSAL exceptions. See [#​3345](https://github.com/AzureAD/microsoft-identity-web/issues/3345).\n\n## 3.8.4\n\n3.8.4\n========\n### Package updates\n- Microsoft.IdentityModel updated to version [8.8.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.8.0).\n- MSAL.NET updated to version [MSAL.NET 4.71.0](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/tag/4.71.0).\n\n### Bug fixes\n- Fixed the issue where FmiPath was not persisted when copying/reinitializing AcquireTokenOptions. See [#​3336](https://github.com/AzureAD/microsoft-identity-web/issues/3336).\n\n### New feature\n- Added support for Linux-friendly devcontainers. See [#​3333](https://github.com/AzureAD/microsoft-identity-web/issues/3333) and [#​3339](https://github.com/AzureAD/microsoft-identity-web/pull/3339).\n\n### Fundamentals\n- Removed System.Text.Json as an explicit dependency for .NET Core targets. See [#​3331](https://github.com/AzureAD/microsoft-identity-web/issues/3331).\n\n## 3.8.3\n\n3.8.3\n========\n### Package updates\n- Updated to Microsoft.IdentityModel.* [8.8.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.8.0)\n- Updated to [MSAL.NET 4.70.1](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/tag/4.70.1)\n  \n### New feature\n- `TokenAcquistion.cs` adds its service provider to the acquisition options. 
See issue [#​3315](https://github.com/AzureAD/microsoft-identity-web/issues/3315) for details.\n\n\n## 3.8.2\n\n3.8.2\n========\n- Updated to Microsoft.Identity.Abstractions [9.0.0](https://github.com/AzureAD/microsoft-identity-abstractions-for-dotnet/releases/tag/9.0.0)\n\n### New feature\n- An exception is now thrown if MSAL `TokenCacheNotificationArgs` indicates that distributed cache is configured when it should not have been. See [#​3304](https://github.com/AzureAD/microsoft-identity-web/issues/3304).\n- Added support for federated identity credentials with AT_POP. See [#​3299](https://github.com/AzureAD/microsoft-identity-web/pull/3299).\n\n## 3.8.1\n\n### New features\n- Updated to Microsoft.IdentityModel.* [8.7.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.7.0)\n\n### Bug fixes\n- Pins Microsoft.Extensions.Http dependency version to 3.1.3 for .NET Framework and .NET Standard and uses inbox version for .NET Core. See [#​3145](https://github.com/AzureAD/microsoft-identity-web/issues/3145).\n\n## What's Changed\n* Post release cleanup by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3291\n* update MIM by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3292\n* Updates CodeQL.yaml to exclude test files by @​sruke in https://github.com/AzureAD/microsoft-identity-web/pull/3294\n* Make Microsoft.Extensions.Http dependency framework friendly by @​ksaaf in https://github.com/AzureAD/microsoft-identity-web/pull/3296\n* Update to IdentityModel 8.7.0 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3307\n\n## New Contributors\n* @​ksaaf made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3296\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.8.0...3.8.1\n\n## 3.8.0\n\n3.8.0\n========\n### New feature\n- Updated to Microsoft.IdentityModel.* 
[8.6.1](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.6.1)\n- Updated to [MSAL.NET](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet) 4.69.1\n- Updated the Json Schema to include extensibility for signed assertion providers. See [#​3235](https://github.com/AzureAD/microsoft-identity-web/pull/3235)\n- Added support for Federation Identity Credential on any OIDC Idp (FIC+OIDC credential provider). See [#​3255](https://github.com/AzureAD/microsoft-identity-web/pull/3255)\n- Support for acquiring token for Federation Managed Identity (FMI). Supports the `FmiPath` property of `AcquireTokenOptions`. See [#​3247](https://github.com/AzureAD/microsoft-identity-web/issues/3247)\n- Downstream APIs now support Authorization headers with a custom SAML bearer syntax. See [#​3273](https://github.com/AzureAD/microsoft-identity-web/pull/3273)\n\n## Bug fixes\n- TokenAcquirerFactory is now thread safe. See [#​3274](https://github.com/AzureAD/microsoft-identity-web/pull/3274)\n- Fix a bug in the parsing of the token in the authority. See [#​3261](https://github.com/AzureAD/microsoft-identity-web/pull/3261)\n\n## Fundamentals\n- Removed old Blazorwasm sample, wasm-tools and added new blazor web API: [#​3259](https://github.com/AzureAD/microsoft-identity-web/pull/3259), [#​3257](https://github.com/AzureAD/microsoft-identity-web/pull/3257), [#​3254](https://github.com/AzureAD/microsoft-identity-web/pull/3254)\n- Modified the build so that, in CI/CD internal builds, the NuGet.org NuGet source is replaced by a managed Nuget source. More verbose information added. See [#​3263](https://github.com/AzureAD/microsoft-identity-web/pull/3263)\n- Fixed CS8602 Warnings in Weather.razor (BlazorApp) – Handle Nullable forecasts and user.Identity. 
See [#​3266](https://github.com/AzureAD/microsoft-identity-web/pull/3266),\n\n## What's Changed\n* Update changelog.md by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3246\n* Lozensky/add fmi path by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3247\n* Lozensky/perf fix graph service client by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3251\n* M.IM 8.6.0 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3252\n* Jennyf/blazor prototype by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3254\n* remove old blazor apps by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3257\n* Remove step for installing wasm-tools in the build by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3259\n* Fix for Remove NuGet Source steps (now with enhanced logging) by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3263\n* Add CustomSignedAssertion to Credentials.json by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3235\n* Fix CS8602 Warnings in Weather.razor (BlazorApp) – Handle Nullable forecasts and user.Identity by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3266\n* Add Support for Custom Saml Bearer in HttpRequest Headers by @​sthanu98 in https://github.com/AzureAD/microsoft-identity-web/pull/3273\n* comment out the code coverage by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3279\n* update msal to 4.69.1 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3281\n* FIC+OIDC credential provider by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3255\n* Update the IdWeb version number by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3280\n* Locking Down the TokenAcquirerFactory by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3274\n* 
Fix authority parsing logic by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3261\n* Update changelog.md for Id.web 3.8.0 by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3285\n\n## New Contributors\n* @​sthanu98 made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3273\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.7.1...3.8.0\n\n## 3.7.1\n\n3.7.1\n========\n- Updated to Microsoft.IdentityModel.* [8.5.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.5.0)\n\n## 3.7.0\n\n3.7.0\n========\n- Updated to Microsoft.Identity.Abstractions [8.1.0](https://github.com/AzureAD/microsoft-identity-abstractions-for-dotnet/releases/tag/8.1.0)\n- Updated to Microsoft.IdentityModel.* [8.4.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.4.0)\n\n### New Feature\n- IdentityWeb now provides extensibility to `DefaultCredentialsLoader` so that partner teams, or an SDK on top of IdWeb, can bring their own credential providers. See [#​3220](https://github.com/AzureAD/microsoft-identity-web/issues/3220) for details.\n\n## Bug fixes\n- The merged options are now being passed to MSAL for the CCA ROPC scenario. 
See [#​3207](https://github.com/AzureAD/microsoft-identity-web/issues/3207) for details.\n\n## What's Changed\n* changelog update by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3216\n* Pass the assertion options to MSAL for ROPC call by @​neha-bhargava in https://github.com/AzureAD/microsoft-identity-web/pull/3217\n* Update global.json to 9.0.102 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3222\n* Bump the notsecurity group with 3 updates by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3219\n* update abstractions to 8.1.0 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3224\n* update benchmark by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3229\n* Adding Extensibility for Custom Signed Assertion Providers by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3226\n* Update changelog.md 3.7.0 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3233\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.6.2...3.7.0\n\n## 3.6.2\n\n3.6.2\n========\n- Updated to Microsoft.Identity.Abstractions [8.0.0](https://github.com/AzureAD/microsoft-identity-abstractions-for-dotnet/releases/tag/8.0.0)\n\n## Fundamentals\n- Clean-up the tests that were using properties removed in Abstractions 8.0.0. 
See issue [#​3212](https://github.com/AzureAD/microsoft-identity-web/issues/3212) for details.\n\n## What's Changed\n* Bump the notsecurity group across 1 directory with 3 updates by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3211\n* Suppress TFM Build Warnings by @​kllysng in https://github.com/AzureAD/microsoft-identity-web/pull/3210\n* Fixing 3212 and cleaning-up technical debt by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3213\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.6.1...3.6.2\n\n## 3.6.1\n\n3.6.1\n========\n- Updated to Microsoft.Identity.Abstractions [7.2.1](https://github.com/AzureAD/microsoft-identity-abstractions-for-dotnet/releases/tag/7.2.1)\n\n## 3.6.0\n\n3.6.0\n========\n- Updated to Microsoft.IdentityModel.* 8.3.1\n- Updated to [MSAL.NET](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet) 4.67.2\n\n## Bug fixes\n- Checks that B2C tokens don't contain the claims used by Identity Web to represent the home tenant and object ID (obtained from the UserInfo endpoint). See https://github.com/AzureAD/microsoft-identity-web/pull/3131\n- Remove explicit locking in `OpenIdConnectCachingSecurityTokenProvider`. See Issue [#​3078](https://github.com/AzureAD/microsoft-identity-web/issues/3078)\n\n\n## Fundamentals\n- Fix Null Reference Exception in OwinTokenAcquirerFactory + other OWIN cleanup. See https://github.com/AzureAD/microsoft-identity-web/pull/3183\n- Re-add code coverage comments \u0026 scope to src files. 
See https://github.com/AzureAD/microsoft-identity-web/issues/3177\n\n## What's Changed\n* Update changelog.md by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3161\n* Update global.json by @​keegan-caruso in https://github.com/AzureAD/microsoft-identity-web/pull/3163\n* Use ExtraQP to inject telemetry SDK ID by @​bgavrilMS in https://github.com/AzureAD/microsoft-identity-web/pull/2973\n* Fix 3167 (package downgrade when referencing IdentityModel.Tokens from dev) by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3168\n* Add Warning Quality Check Build Task 🔨 by @​kllysng in https://github.com/AzureAD/microsoft-identity-web/pull/3169\n* Treat warnings as errors by @​keegan-caruso in https://github.com/AzureAD/microsoft-identity-web/pull/3166\n* Revert: Warning Quality Check Build Task by @​alexholub113 in https://github.com/AzureAD/microsoft-identity-web/pull/3172\n* fix warnings in idweb and readd warnings as errors by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3173\n* Add checks to protect the internal claims used by MIW. 
Ref: issue #​2968 by @​DOMZE in https://github.com/AzureAD/microsoft-identity-web/pull/3131\n* use only src files and re-add comments by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3176\n* Update dotnet actions by @​sebastienros in https://github.com/AzureAD/microsoft-identity-web/pull/3175\n* - Fixes 3181 by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3183\n* Add retry logic to stabilize flaky UI tests by @​kllysng in https://github.com/AzureAD/microsoft-identity-web/pull/3180\n* Add null handling for process output/error data in UiTestHelpers by @​kllysng in https://github.com/AzureAD/microsoft-identity-web/pull/3184\n* package updates from dependabot by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3185\n* Fix E2E tests persistent flakiness + build hanging by @​kllysng in https://github.com/AzureAD/microsoft-identity-web/pull/3188\n* Revert WaitForProcess in UI Tests by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3189\n* Update to use MSAL 4.67.1 by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3193\n* Update to use MSAL 4.67.2 by @​gladjohn in https://github.com/AzureAD/microsoft-identity-web/pull/3200\n* Remove explicit locking in OpenIdConnectCachingSecurityTokenProvider by @​keegan-caruso in https://github.com/AzureAD/microsoft-identity-web/pull/3202\n* 3.6.0 changelog by @​kllysng in https://github.com/AzureAD/microsoft-identity-web/pull/3203\n\n## New Contributors\n* @​DOMZE made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3131\n* @​sebastienros made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3175\n* @​gladjohn made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3193\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.5.0...3.6.0\n\n## 3.5.0\n\n## Bug fixes\n* Ensure Singleton registration for 
TokenAcquisition Services when TokenAcquirerFactory is null. See https://github.com/AzureAD/microsoft-identity-web/pull/3155\n* Don't modify the merged options when building the confidential client. See https://github.com/AzureAD/microsoft-identity-web/pull/3137\n\n## Fundamentals\n* Install all .NET versions in pipeline, including .NET 9. See https://github.com/AzureAD/microsoft-identity-web/pull/3152\n* Upgrade to C# 13. See https://github.com/AzureAD/microsoft-identity-web/pull/3138\n* Specify sdk version in global.json. See https://github.com/AzureAD/microsoft-identity-web/pull/3156\n* Disable Coverage PR comments. See https://github.com/AzureAD/microsoft-identity-web/pull/3159\n\n## What's Changed\n* Install all .NET versions in pipeline to fix run tests task by @​msbw2 in https://github.com/AzureAD/microsoft-identity-web/pull/3152\n* Upgrade to C# 13 by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3138\n* Specify sdk version in global.json by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3156\n* Ensure Singleton registration for TokenAcquisition Services when TokenAcquirerFactory is null by @​sruke in https://github.com/AzureAD/microsoft-identity-web/pull/3155\n* Disable Coverage PR comments by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3159\n* Dont modify the merged options when building the confidential client by @​keegan-caruso in https://github.com/AzureAD/microsoft-identity-web/pull/3137\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.4.0...3.5.0\n\n## 3.4.0\n\n3.4.0\n========\n- Updated to Microsoft.IdentityModel.* 8.2.1\n- Updated to Microsoft.Identity.Abstractions 7.2.0\n\n### New features\n- Add ROPC flow support for confidential client applications. 
See [3091](https://github.com/AzureAD/microsoft-identity-web/issues/3091), [3129](https://github.com/AzureAD/microsoft-identity-web/issues/3129), [3139](https://github.com/AzureAD/microsoft-identity-web/issues/3139).\n- Allow multi-tenant applications to specify the AppHomeTenantId to be used for client credentials. See [3121](https://github.com/AzureAD/microsoft-identity-web/issues/3121), [3132](https://github.com/AzureAD/microsoft-identity-web/pull/3132).\n- Update to use .NET 9 GA. See [3127](https://github.com/AzureAD/microsoft-identity-web/issues/3127).\n\n## What's Changed\n* Add API and make ROPC call by @​neha-bhargava in https://github.com/AzureAD/microsoft-identity-web/pull/3103\n* Fixing the ROPC test that broke the build by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3133\n* Use AppHomeTenantId for acquiring app token when TenantId is not tenant by @​msbw2 in https://github.com/AzureAD/microsoft-identity-web/pull/3132\n* Add extensibility to update parameters for ROPC flow by @​neha-bhargava in https://github.com/AzureAD/microsoft-identity-web/pull/3130\n* Declare ROPC extensions in net 9 API by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3136\n* update dependencies to .net 9 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3141\n* Update the extensibility to add user by @​neha-bhargava in https://github.com/AzureAD/microsoft-identity-web/pull/3140\n* Update to .NET 9 GA. Update some test dependencies. by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3134\n* update playwright and remove net9.0 for UI tests by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3148\n* Update changelog 3.4.0. 
by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3149\n* update wilson post-release by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3150\n\n## New Contributors\n* @​neha-bhargava made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3103\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.3.1...3.4.0\n\n## 3.3.1\n\n3.3.1\n========\n- Updated to Microsoft.IdentityModel.* 8.2.0\n\n### Supportability\n- Added JSON schema support for Microsoft.Identity.Web configuration. This allows for schema validation in the `appsettings.json`, improving configuration accuracy and developer experience. To use it, add the following at the top of your appsettings.json:\n`\"$schema\": \"https://github.com/AzureAD/microsoft-identity-web/blob/master/JsonSchemas/microsoft-identity-web.json\"`\nThis update enhances the configuration process by providing clear structure and validation for settings used in Microsoft.Identity.Web. See PR [#​3119](https://github.com/AzureAD/microsoft-identity-web/pull/3119) for details.\n\n### Fundamentals\n- Fix a flaky test in the L1L2Cache tests. 
See PR [#​3122](https://github.com/AzureAD/microsoft-identity-web/pull/3122) for details.\n\n## What's Changed\n* Update changelog.md to fix release 3.2.2 which had a breaking change by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3116\n* Bump the notsecurity group with 19 updates by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3115\n* Adding a json schema for Microsoft.Identity.Web configuration by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3119\n* Fixed flaky tests by @​alexholub113 in https://github.com/AzureAD/microsoft-identity-web/pull/3122\n* Update changelog.md 3.3.1 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3123\n* Add Ask Mode Change Template by @​kellyyangsong in https://github.com/AzureAD/microsoft-identity-web/pull/3110\n\n## New Contributors\n* @​alexholub113 made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3122\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.3.0...3.3.1\n\n## 3.3.0\n\n3.3.0\n========\n- Updated to Microsoft.Identity.Client 4.66.0\n- Update system.Text.Json to 8.0.5 CVE-2024-43485\n- Updated to .NET 9 RC2\n \n### New features\n- Microsoft.Identity.Web token acquisition now provides an extensibility mechanism to enlight non-standard features. For details, see [#​2975](https://github.com/AzureAD/microsoft-identity-web/issues/2975)\n\n### Fundamentals\n- Split DownstreamApi methods between AoT compatible and incompatible methods by @​SaurabhMSFT in https://github.com/AzureAD/microsoft-identity-web/pull/3090\n- ASP.NET Core (and other) cross-link updates by @​guardrex in https://github.com/AzureAD/microsoft-identity-web/pull/3096. Thank you!\n- Onboarded to Threading Analyzers. 
For details, see [#​3052](https://github.com/AzureAD/microsoft-identity-web/issues/3052)\n- display code coverage as PR comments\n- Fix flaky EncryptionTestAsync on .NET 9.\n\n## What's Changed\n* Bump System.Text.Json from 8.0.4 to 8.0.5 in /tools/ConfigureGeneratedApplications by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3069\n* Bump Microsoft.Identity.Web.DownstreamApi, Microsoft.Extensions.Logging.Abstractions, System.Text.Json, System.Text.Encodings.Web, Microsoft.AspNetCore.DataProtection, System.Security.Cryptography.Xml, Microsoft.Extensions.Caching.Memory, Microsoft.Extensions.Logging, Microsoft.Extensions.DependencyInjection, System.Formats.Asn1, System.Security.Cryptography.Pkcs, Microsoft.Extensions.Configuration.Binder, Microsoft.Extensions.Configuration.EnvironmentVariables, Microsoft.Extensions.Configuration and Microsoft.Extensions.Options.ConfigurationExtensions by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3073\n* Bump Microsoft.Identity.Web.MicrosoftGraph, Microsoft.Extensions.Logging.Abstractions, System.Text.Json, System.Text.Encodings.Web, Microsoft.AspNetCore.DataProtection, System.Security.Cryptography.Xml, Microsoft.Extensions.Caching.Memory, Microsoft.Extensions.Logging, Microsoft.Extensions.DependencyInjection, System.Formats.Asn1, System.Security.Cryptography.Pkcs, Microsoft.Extensions.Configuration.Binder, Microsoft.Extensions.Configuration.EnvironmentVariables, Microsoft.Extensions.Configuration and Microsoft.Extensions.Options.ConfigurationExtensions by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3072\n* Bump Microsoft.Identity.Web, Microsoft.Extensions.Logging.Abstractions, System.Text.Json, System.Text.Encodings.Web, Microsoft.AspNetCore.DataProtection, System.Security.Cryptography.Xml, Microsoft.Extensions.Caching.Memory, Microsoft.Extensions.Logging, Microsoft.Extensions.DependencyInjection, System.Formats.Asn1, System.Security.Cryptography.Pkcs, 
Microsoft.Extensions.Configuration.Binder, Microsoft.Extensions.Configuration.EnvironmentVariables, Microsoft.Extensions.Configuration, Microsoft.Extensions.Configuration.Json, Microsoft.Extensions.Options.ConfigurationExtensions and Microsoft.Extensions.Hosting by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3070\n* update system.Text.Json to 8.0.5 CVE-2024-43485 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3074\n* another update by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3075\n* Onboard Id Web to Threading Analyzers by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3041\n* Update .NET 9 to RC 2 by @​msbw2 in https://github.com/AzureAD/microsoft-identity-web/pull/3082\n* Align editor config with other libraries by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3079\n* Fix reflection in MemoryCache tests to support both versions seen in .NET 9 RCs by @​msbw2 in https://github.com/AzureAD/microsoft-identity-web/pull/3085\n* Use nuget config file by @​SaurabhMSFT in https://github.com/AzureAD/microsoft-identity-web/pull/3083\n* Fix EncryptionTestAsync on .NET 9 by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3088\n* Update GitHub Action to run unit tests by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/3089\n* Update template-install-dependencies.yaml by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3092\n* Fix DevEx and IDDP builds by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3093\n* Mark IdWeb APIs as shipped by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3086\n* Update version by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3094\n* Split aot compatible and incompatible methods by @​SaurabhMSFT in https://github.com/AzureAD/microsoft-identity-web/pull/3090\n* ASP.NET Core (and other) cross-link 
updates by @​guardrex in https://github.com/AzureAD/microsoft-identity-web/pull/3096\n* update to MSAL 4.66 by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3095\n* Remove swagger dependencies by @​msbw2 in https://github.com/AzureAD/microsoft-identity-web/pull/3099\n* Upgrade versions by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3098\n* Upgrading MSAL version by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3104\n* Grouping Dependabot Updates by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3105\n* Microsoft.Identity.Web token acquisition extensions by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3005\n* display code coverage as PR comments by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3107\n* Use Nuget config file by @​SaurabhMSFT in https://github.com/AzureAD/microsoft-identity-web/pull/3112\n* Update changelog.md for 3.3.0 by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/3113\n\n## New Contributors\n* @​guardrex made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3096\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.2.2...3.3.0\n\n## 3.2.2\n\n3.2.2\n=========\n- Updated to Microsoft.IdentityModel.* 8.1.2\n\n## 3.2.1\n\n3.2.1\n=========\n- Updated to Microsoft.IdentityModel.* 8.1.1\n\n## What's Changed\n* update id web after releases by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3035\n* update net 9 version to rc 1 in build script by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/3036\n* add disable discover enumeration = true for theory tests by @​kellyyangsong in https://github.com/AzureAD/microsoft-identity-web/pull/3042\n* Bump Microsoft.Identity.Client from 4.64.1 to 4.65.0 by @​dependabot in https://github.com/AzureAD/microsoft-identity-web/pull/3040\n* Removed 
ConfigureAwait(false) from flaky tests by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3045\n* removed ConfigureAwait(false) from all tests by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3051\n* 3.2.1 Changelog by @​kellyyangsong in https://github.com/AzureAD/microsoft-identity-web/pull/3054\n* update xunit versions by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/3053\n* IdentityModel 8.1.1 update by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/3056\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.2.0...3.2.1\n\n## 3.2.0\n\n3.2.0\n=========\n- Updated to Microsoft.Identity.Abstractions 7.1.0\n- Updated to Microsoft.IdentityModel.* 8.1.0\n- Updated to Microsoft.Identity.Client 4.64.1\n \n### New features\n- In .NET 8 and above, `IDownstreamApi` overloads take a `JsonTypeInfo\u003cT\u003e` parameter to enable source generated JSON deserialization. See issue [#​2930](https://github.com/AzureAD/microsoft-identity-web/issues/2930) for details.\n\n### Bug fixes:\n- Azure region is used while creating application keys when the TokenAcquisition service caches application objects, and the TokenAcquirerFactory caches TokenAcquirer. See [#​3002](https://github.com/AzureAD/microsoft-identity-web/pull/3002) for details.\n- Improved error messages for FIC. See issue [#​3000](https://github.com/AzureAD/microsoft-identity-web/issues/3000) for details.\n\n### Fundamentals:\n- Improved test coverage for `GetCacheKey`. See PR [#​3020](https://github.com/AzureAD/microsoft-identity-web/pull/3020) for details.\n- Update to .NET 9-RC1. See issue [#​3025](https://github.com/AzureAD/microsoft-identity-web/issues/3025) for details.\n- Fix static analysis warnings. 
See PR [#​3024](https://github.com/AzureAD/microsoft-identity-web/pull/3024) for details.\n\n\n## 3.1.0\n\n3.1.0\n=========\n- Updated to Microsoft.IdentityModel.* 8.0.2\n\n### Security improvement:\n- Id Web now uses `CaseSensitiveClaimsIdentity` by default and provides AppContextSwitches to fall back to using `ClaimsIdentity`. This means that when you look up claims with FindFirst(), FindAll() and HasClaim(), you need to provide the right casing for the claim. See PR [#​2977](https://github.com/AzureAD/microsoft-identity-web/pull/2977) for details.\n\n### Bug fixes:\n- For SN/I scenarios, Id Web's `GetTokenAcquirer` now sets `SendX5C` in particular protocols. See issue [#​2887](https://github.com/AzureAD/microsoft-identity-web/issues/2887) for details.\n- Fix for Instance/Tenant parsing for V2 authority (affected one Entra External IDs scenario). See PR [#​2954](https://github.com/AzureAD/microsoft-identity-web/issues/2954) for details.\n- Fix regex that threw a format exception: `The input string \" was not in a correct format` when enabling *same-site cookie compatibility* with userAgent: \"Dalvik/2.1.0 (Linux; U; Android 12; Chromecast Build/STTE.230319.008.H1). See issue [#​2879](https://github.com/AzureAD/microsoft-identity-web/issues/2879) for details.\n- Microsoft.Identity.Web 3.1.0 now has an upper bound set on its dependency on Microsoft.Identity.Abstractions to version 7x to avoid referencing Microsoft.Identity.Abstractions 8.0.0, which has an interface breaking change, not yet implemented in Microsoft.Identity.Web. 
See PR [#​2962](https://github.com/AzureAD/microsoft-identity-web/pull/2962) for details.\n  \n### Fundamentals:\n- Fix flakey tests: [#​2972](https://github.com/AzureAD/microsoft-identity-web/pull/2972), [#​2984](https://github.com/AzureAD/microsoft-identity-web/pull/2984), [#​2982](https://github.com/AzureAD/microsoft-identity-web/issues/2982), \n- Update to `AzureKeyVault@​2` in AzureDevOps, [#​2981](https://github.com/AzureAD/microsoft-identity-web/pull/2981).\n- Update to .NET 9-preview7, [#​2980](https://github.com/AzureAD/microsoft-identity-web/pull/2980) and [#​2991](https://github.com/AzureAD/microsoft-identity-web/pull/2991).\n- It's now possible to build a specific version of Microsoft.Identity.Web based on specific versions of Microsoft.IdentityModel and Microsoft.Identity.Abstractions by specifying build variables on the dotnet pack command (MicrosoftIdentityModelVersion, MicrosoftIdentityAbstractionsVersions, and MicrosoftIdentityWebVersion): [#​2974](https://github.com/AzureAD/microsoft-identity-web/pull/2974), [#​2990](https://github.com/AzureAD/microsoft-identity-web/pull/2990)\n\n## What's Changed\n* Add X5C to MSAuth POP by @​bgavrilMS in https://github.com/AzureAD/microsoft-identity-web/pull/2950\n* Update CSPROJ with README by @​localden in https://github.com/AzureAD/microsoft-identity-web/pull/2956\n* Fix Instance/Tenant Parsing for V2 Authority by @​jackj-msft in https://github.com/AzureAD/microsoft-identity-web/pull/2954\n* Check that regex succeeded and value is an integer. 
by @​brentschmaltz in https://github.com/AzureAD/microsoft-identity-web/pull/2958\n* Set upper bound on Abstractions by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/2962\n* Removing 2.x versions post 3.0.0-preview1 by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/2967\n* Fix test instability by @​keegan-caruso in https://github.com/AzureAD/microsoft-identity-web/pull/2971\n* Fix AT POP tests by @​keegan-caruso in https://github.com/AzureAD/microsoft-identity-web/pull/2972\n* Update to net 9 preview 7 by @​westin-m in https://github.com/AzureAD/microsoft-identity-web/pull/2980\n* Updating AzureKeyVault task to version 2 by @​JoshLozensky in https://github.com/AzureAD/microsoft-identity-web/pull/2981\n* [test] updates for one build by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/2974\n* Disable ciam test by @​keegan-caruso in https://github.com/AzureAD/microsoft-identity-web/pull/2983\n* Ensure that SimulateOidc is built before IntegrationTests (that use it) by @​jmprieur in https://github.com/AzureAD/microsoft-identity-web/pull/2984\n* skip more CIAM E2E tests by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/2985\n* remove grpc in E2E test by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/2986\n* Jennyf/fix slice by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/2988\n* reenable other ciam test by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/2989\n* Jennyf/client sem ver by @​jennyf19 in https://github.com/AzureAD/microsoft-identity-web/pull/2990\n* Fix Id Web Build by @​FuPingFranco in https://github.com/AzureAD/microsoft-identity-web/pull/2991\n* Add BannedApiAnalyzers to prevent use of ClaimsIdentity constructors and AppContextSwitches for fallback by @​pmaytak in https://github.com/AzureAD/microsoft-identity-web/pull/2977\n\n## New Contributors\n* @​localden made their first contribution in 
https://github.com/AzureAD/microsoft-identity-web/pull/2956\n* @​jackj-msft made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/2954\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/3.0.1...3.1.0\n\n## 3.0.1\n\n3.0.1\n=========\n- Updated to Microsoft.IdentityModel.* 8.0.1\n\n## 3.0.0\n\n3.0.0\n=========\n### CVE package updates\n[CVE-2024-30105](https://github.com/advisories/GHSA-hh2w-p6rv-4g7w)\n- See PR [#​2929](https://github.com/AzureAD/microsoft-identity-web/pull/2929) ....\n\n_Description has been truncated_","html_url":"https://github.com/ITU-BDSA23-GROUP22/Chirp/pull/110","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/ITU-BDSA23-GROUP22%2FChirp/issues/110","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/110/packages"}},{"old_version":"4.5.0","new_version":"4.7.0","update_type":"minor","path":null,"pr_created_at":"2026-04-06T23:46:38.000Z","version_change":"4.5.0 → 4.7.0","issue":{"uuid":"4214624189","node_id":"PR_kwDORIP3Rs7QWDcc","number":67,"state":"open","title":"deps(nuget): Bump Microsoft.Identity.Web from 4.5.0 to 4.7.0","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":4,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-06T23:46:38.000Z","updated_at":"2026-04-07T11:02:32.769Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps(nuget): Bump","packages":[{"name":"Microsoft.Identity.Web","old_version":"4.5.0","new_version":"4.7.0","repository_url":"https://github.com/AzureAD/microsoft-identity-web"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web) from 4.5.0 to 4.7.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.Identity.Web's 
releases](https://github.com/AzureAD/microsoft-identity-web/releases)._\n\n## 4.7.0\n\n## 4.7.0\n\n### Bug fixes\n- Updates to Microsoft.Identity.Abstractions 12.0.0 to revert breaking changes introduced in Abstractions 11.0.0. (On .NET 10 target, `Certificate` extension method in `CredentialDescription` was reverted to normal property.) See [#​3767](https://github.com/AzureAD/microsoft-identity-web/pull/3767).\n\n## 4.6.0\n\n## What's Changed\n\n* Move boilerplate code skills to IdWeb, and add Aspire DevApp demonstrating Blazor authentication components by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3721\n* Bump MSAL to 4.83.1 and re-enable Managed Identity CAE tests by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3746\n* Bump Abstractions to 11.2 by @​bgavrilMS in https://github.com/AzureAD/microsoft-identity-web/pull/3749\n* Update documentation to reference Blazor helpers from Microsoft.Identity.Web package by @​Copilot in https://github.com/AzureAD/microsoft-identity-web/pull/3723\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.5.0...4.6.0\n\nCommits viewable in [compare view](https://github.com/AzureAD/microsoft-identity-web/compare/4.5.0...4.7.0).\n\u003c/details\u003e\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Microsoft.Identity.Web\u0026package-manager=nuget\u0026previous-version=4.5.0\u0026new-version=4.7.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e\n\n\u003c!-- Reviewable:start --\u003e\n- - -\nThis change is [\u003cimg src=\"https://reviewable.io/review_button.svg\" height=\"34\" align=\"absmiddle\" alt=\"Reviewable\"/\u003e](https://reviewable.io/reviews/PlagueHO/prompt-babbler/67)\n\u003c!-- Reviewable:end --\u003e\n","html_url":"https://github.com/PlagueHO/prompt-babbler/pull/67","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/PlagueHO%2Fprompt-babbler/issues/67","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/67/packages"}},{"old_version":"4.6.0","new_version":"4.7.0","update_type":"minor","path":null,"pr_created_at":"2026-04-03T06:27:25.000Z","version_change":"4.6.0 → 4.7.0","issue":{"uuid":"4198679895","node_id":"PR_kwDOGO-JJ87PvI9T","number":5055,"state":"closed","title":"nuget-external-id-backend: Bump Microsoft.Identity.Web 
from 4.6.0 to 4.7.0","user":"dependabot[bot]","labels":["dependencies","nuget","target: Entra ID External ID"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-03T06:27:31.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-03T06:27:25.000Z","updated_at":"2026-04-03T06:27:33.000Z","time_to_close":6,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"nuget-external-id-backend: Bump","packages":[{"name":"Microsoft.Identity.Web","old_version":"4.6.0","new_version":"4.7.0","repository_url":"https://github.com/AzureAD/microsoft-identity-web"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web) from 4.6.0 to 4.7.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.Identity.Web's releases](https://github.com/AzureAD/microsoft-identity-web/releases)._\n\n## 4.7.0\n\n## 4.7.0\n\n### Bug fixes\n- Updates to Microsoft.Identity.Abstractions 12.0.0 to revert breaking changes introduced in Abstractions 11.0.0. (On .NET 10 target, `Certificate` extension method in `CredentialDescription` was reverted to normal property.) See [#​3767](https://github.com/AzureAD/microsoft-identity-web/pull/3767).\n\nCommits viewable in [compare view](https://github.com/AzureAD/microsoft-identity-web/compare/4.6.0...4.7.0).\n\u003c/details\u003e\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Microsoft.Identity.Web\u0026package-manager=nuget\u0026previous-version=4.6.0\u0026new-version=4.7.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/AlesInfiny/maris/pull/5055","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/AlesInfiny%2Fmaris/issues/5055","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/5055/packages"}},{"old_version":null,"new_version":null,"update_type":null,"path":null,"pr_created_at":"2026-03-07T01:08:37.000Z","version_change":null,"issue":{"uuid":"4036869391","node_id":"PR_kwDOC4rwTc7Io03L","number":1545,"state":"open","title":"Bump Microsoft.Identity.Web and 
Microsoft.Identity.Web.UI","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":["berviantoleo"],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-07T01:08:37.000Z","updated_at":"2026-03-07T01:08:58.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.Identity.Web","repository_url":"https://github.com/AzureAD/microsoft-identity-web"},{"name":"Microsoft.Identity.Web.UI","repository_url":"https://github.com/AzureAD/microsoft-identity-web"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web) from 4.4.0 to 4.5.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.Identity.Web's releases](https://github.com/AzureAD/microsoft-identity-web/releases)._\n\nNo release notes found for this version range.\n\nCommits viewable in [compare view](https://github.com/AzureAD/microsoft-identity-web/commits).\n\u003c/details\u003e\n\nUpdated [Microsoft.Identity.Web.UI](https://github.com/AzureAD/microsoft-identity-web) from 4.4.0 to 4.5.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.Identity.Web.UI's releases](https://github.com/AzureAD/microsoft-identity-web/releases)._\n\nNo release notes found for this version range.\n\nCommits viewable in [compare view](https://github.com/AzureAD/microsoft-identity-web/commits).\n\u003c/details\u003e\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/bervProject/SimplePasswordManagerService/pull/1545","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/bervProject%2FSimplePasswordManagerService/issues/1545","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1545/packages"}},{"old_version":null,"new_version":null,"update_type":null,"path":null,"pr_created_at":"2026-03-03T13:02:43.000Z","version_change":null,"issue":{"uuid":"4016563535","node_id":"PR_kwDOGSmsxM7Hmi8o","number":3186,"state":"closed","title":"Bump Microsoft.Identity.Web and 
Microsoft.IdentityModel.Protocols.OpenIdConnect","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-03-05T20:53:20.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-03T13:02:43.000Z","updated_at":"2026-03-05T20:53:22.000Z","time_to_close":201037,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.Identity.Web","repository_url":"https://github.com/AzureAD/microsoft-identity-web"},{"name":"Microsoft.IdentityModel.Protocols.OpenIdConnect","repository_url":"https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web) from 4.0.1 to 4.4.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.Identity.Web's releases](https://github.com/AzureAD/microsoft-identity-web/releases)._\n\n## 4.4.0\n\n### New features\n- Add AOT-compatible web API authentication for .NET 10+. See [#​3705](https://github.com/AzureAD/microsoft-identity-web/pull/3705) and [#​3664](https://github.com/AzureAD/microsoft-identity-web/pull/3664).\n- Propagate long-running web API session key back to callers in user token acquisition. See [#​3728](https://github.com/AzureAD/microsoft-identity-web/pull/3728).\n- Add OBO event initialization for OBO APIs. See [#​3724](https://github.com/AzureAD/microsoft-identity-web/pull/3724).\n- Add support for calling `WithClientClaims` flow for token acquisition. See [#​3623](https://github.com/AzureAD/microsoft-identity-web/pull/3623).\n- Add `OnBeforeTokenAcquisitionForOnBehalfOf` event. See [#​3680](https://github.com/AzureAD/microsoft-identity-web/pull/3680).\n\n### Bug fixes\n- Throw `InvalidOperationException` with actionable message when a custom credential is not registered. 
See [#​3626](https://github.com/AzureAD/microsoft-identity-web/pull/3626).\n- Fix event firing for `InvokeOnBeforeTokenAcquisitionForOnBehalfOfAsync`. See [#​3717](https://github.com/AzureAD/microsoft-identity-web/pull/3717).\n- Update `OnBeforeTokenAcquisitionForOnBehalfOf` to construct `ClaimsPrincipal` from token. See [#​3714](https://github.com/AzureAD/microsoft-identity-web/pull/3714).\n- Add a retry counter for acquire token and updated tests with a fake secret. See [#​3682](https://github.com/AzureAD/microsoft-identity-web/pull/3682).\n- Fix OBO user error handling. See [#​3712](https://github.com/AzureAD/microsoft-identity-web/pull/3712).\n- Fix override merging for app token (and others). See [#​3644](https://github.com/AzureAD/microsoft-identity-web/pull/3644).\n- Fix certificate reload logic to only trigger on certificate-specific errors. See [#​3653](https://github.com/AzureAD/microsoft-identity-web/pull/3653).\n- Update ROPC flow CCA to pass `SendX5C` to MSAL. See [#​3671](https://github.com/AzureAD/microsoft-identity-web/pull/3671).\n\n### Dependencies updates\n- Bump `qs` in `/tests/DevApps/SidecarAdapter/typescript`. See [#​3725](https://github.com/AzureAD/microsoft-identity-web/pull/3725).\n- Downgrade Microsoft.Extensions.Configuration.Binder to 2.1.0 on .NET Framework. See [#​3730](https://github.com/AzureAD/microsoft-identity-web/pull/3730).\n- Update .NET SDK to 10.0.103 to address DOTNET-Security-10.0 vulnerability. See [#​3726](https://github.com/AzureAD/microsoft-identity-web/pull/3726).\n- Upgrade to Microsoft.Identity.Abstractions 11 for AoT compatibility. See [#​3699](https://github.com/AzureAD/microsoft-identity-web/pull/3699).\n- Update to MSAL 4.81.0. See [#​3665](https://github.com/AzureAD/microsoft-identity-web/pull/3665).\n\n### Documentation\n- Add documentation for auto-generated session key for long-running OBO session. 
See [#​3729](https://github.com/AzureAD/microsoft-identity-web/pull/3729).\n- Improve the Aspire doc article and skills. See [#​3695](https://github.com/AzureAD/microsoft-identity-web/pull/3695).\n- Add an article and agent skill to add Entra ID to an Aspire app. See [#​3689](https://github.com/AzureAD/microsoft-identity-web/pull/3689).\n- Fix misleading comment in `CertificatelessOptions.ManagedIdentityClientId`. See [#​3667](https://github.com/AzureAD/microsoft-identity-web/pull/3667).\n- Add Copilot explore tool functionality. See [#​3694](https://github.com/AzureAD/microsoft-identity-web/pull/3694).\n\n### Fundamentals\n- Remove unnecessary warning suppression. See [#​3715](https://github.com/AzureAD/microsoft-identity-web/pull/3715).\n- Migrate labs to Lab.API 2.x (first pass). See [#​3710](https://github.com/AzureAD/microsoft-identity-web/pull/3710).\n- Update Sidecar E2E test constants. See [#​3693](https://github.com/AzureAD/microsoft-identity-web/pull/3693).\n- Fix intermittent failures in `CertificatesObserverTests`. See [#​3687](https://github.com/AzureAD/microsoft-identity-web/pull/3687).\n- Add validation baseline exclusions. See [#​3684](https://github.com/AzureAD/microsoft-identity-web/pull/3684).\n- Add dSTS integration tests. See [#​3677](https://github.com/AzureAD/microsoft-identity-web/pull/3677).\n- Fix FIC test. See [#​3663](https://github.com/AzureAD/microsoft-identity-web/pull/3663).\n- Update IdentityWeb version, build logic, and validation. 
See [#​3659](https://github.com/AzureAD/microsoft-identity-web/pull/3659).\n\n### New Contributors\n* @​XiaoxinMS2 made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3677\n* @​RyAuld made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3687\n* @​agocke made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3664\n* @​MZOLN made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3700\n* @​christian-posta made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3644\n* @​4gust made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3682\n* @​rayluo made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3714\n\n## 4.3.0\n\n### New features\n- Added token binding (mTLS PoP) scenario for confidential client (app-only) token acquisition and downstream API calls. See [#​3622](https://github.com/AzureAD/microsoft-identity-web/pull/3622).\n\n### Dependencies updates\n- Bumped **qs** from 6.14.0 to 6.14.1 in /tests/DevApps/SidecarAdapter/typescript. See [#​3660]( https://github.com/AzureAD/microsoft-identity-web/pull/3660).\n\n### Documentation\n- Modernized Identity Web documentation, which can now be found in [docs](https://github.com/AzureAD/microsoft-identity-web/tree/master/docs). See [#​3566](https://github.com/AzureAD/microsoft-identity-web/pull/3566).\n- Added token binding (mTLS PoP) documentation. See [#​3661](https://github.com/AzureAD/microsoft-identity-web/pull/3661).\n\n## 4.2.0\n\n# What's Changed\n\n## New features\n\n- Added CAE claims support for FIC + Managed Identity. See #​3647 for details.\n- Added AddMicrosoftIdentityMessageHandler extension methods for IHttpClientBuilder. See #​3649 for details.\n\n## Bug fixes\n\n\n- Fixed tenant not being propagated in credential FIC acquisition. 
See #​3633 for details.\n- Fixed ForAgentIdentity hardcoded 'AzureAd' ConfigurationSection to respect AuthenticationOptionsName. See #​3635 for details.\n- Fixed GetTokenAcquirer to propagate MicrosoftEntraApplicationOptions properties. See #​3651 for details.\n- Added meaningful error message when identity configuration is missing. See #​3637 for details.\n\n## Dependencies updates\n\n- Update Microsoft.Identity.Abstractions to version 10.0.0.\n- Bump express from 5.1.0 to 5.2.0 in /tests/DevApps/SidecarAdapter/typescript. #​3636\n- Bump jws from 3.2.2 to 3.2.3 in /tests/DevApps/SidecarAdapter/typescript. #​3641\n\n## Fundamentals\n\n- Update support policy. #​3656\n- Update agent identity coordinates in E2E tests after deauth. #​3640\n- Update E2E agent identity configuration to new tenant. #​3646\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.1.1...4.2.0\n\n## 4.1.1\n\n### Bug fixes\n- Authority-only configuration parsing improvements: Early parsing of Authority into Instance/TenantId and defensive fallback in PrepareAuthorityInstanceForMsal. Behavior is backward compatible; Authority is still ignored when Instance/TenantId explicitly provided—now surfaced via a warning. See [#​3612](https://github.com/AzureAD/microsoft-identity-web/issues/3612).\n\n### New features\n- Added warning diagnostics for conflicting Authority vs Instance/TenantId: Emitting a single structured warning when both styles are provided. See [#​3611](https://github.com/AzureAD/microsoft-identity-web/issues/3611).\n\n### Fundamentals\n- Expanded authority test matrix: Coverage for AAD (v1/v2), B2C (/tfp/ normalization, policy path), CIAM (PreserveAuthority), query parameters, scheme-less forms, and conflict scenarios. See [#​3610](https://github.com/AzureAD/microsoft-identity-web/issues/3610).\n\n## 4.1.0\n\n### New features\n- Migrate to .NET 10 GA. 
[#​3449](https://github.com/AzureAD/microsoft-identity-web/pull/3449) and [#​3590](https://github.com/AzureAD/microsoft-identity-web/pull/3590)\n\n### Dependencies updates\n- Bump MSAL.NET to version [4.79.2](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/releases/tag/4.79.2) and handle changes to deprecated WithExtraQueryParameters APIs. [#​3583](https://github.com/AzureAD/microsoft-identity-web/pull/3583)\n- Update Microsoft.IdentityModel and Abstractions versions. [#​3604](https://github.com/AzureAD/microsoft-identity-web/pull/3604)\n- Update coverlet.collector to 6.0.4. [#​3587](https://github.com/AzureAD/microsoft-identity-web/pull/3587)\n- Update package validation baseline version to 4.0.0. [#​3589](https://github.com/AzureAD/microsoft-identity-web/pull/3589)\n- Bump js-yaml from 4.1.0 to 4.1.1 in /tests/DevApps/SidecarAdapter/typescript. [#​3595](https://github.com/AzureAD/microsoft-identity-web/pull/3595)\n\n### Entra ID SDK sidecar\n- Restrict hosts to localhost for sidecar. [#​3579](https://github.com/AzureAD/microsoft-identity-web/pull/3579)\n- Update http file to match endpoints. [#​3555](https://github.com/AzureAD/microsoft-identity-web/pull/3555)\n- Revise sidecar issue template for Entra ID. [#​3577](https://github.com/AzureAD/microsoft-identity-web/pull/3577)\n\n### Documentation\n- Update README to include Entra SDK container info. [#​3578](https://github.com/AzureAD/microsoft-identity-web/pull/3578)\n\n### Fundamentals\n- Include NET 9.0 in template-install-dependencies. [#​3593](https://github.com/AzureAD/microsoft-identity-web/pull/3593)\n- Fix CodeQL alerts. [#​3591](https://github.com/AzureAD/microsoft-identity-web/pull/3591)\n- Suppression file is needed. 
[#​3592](https://github.com/AzureAD/microsoft-identity-web/pull/3592)\n\nCommits viewable in [compare view](https://github.com/AzureAD/microsoft-identity-web/compare/4.0.1...4.4.0).\n\u003c/details\u003e\n\nUpdated [Microsoft.IdentityModel.Protocols.OpenIdConnect](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 8.14.0 to 8.15.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.IdentityModel.Protocols.OpenIdConnect's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\n## 8.15.0\n\n## New Features\n- **Add ECDsa support in `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey`**  \n  Extended `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey` to support ECDSA keys.  \n  See PR [#​2377](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2377) for details.\n\n## Bug Fixes\n- **Sanitize logs to avoid leaking sensitive data**  \n  Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs.  \n  See PR [#​3316](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3316) for details.\n- **Optimize log sanitization with `SearchValues`**  \n  Improved the performance of the log sanitization logic introduced earlier by using `SearchValues`, making sanitization more efficient in high-throughput scenarios.  \n  See PR [#​3341](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3341) for details.\n- **Update test for `IDX10400`**  \n  Adjusted the `IDX10400` test to align with the current behavior and error messaging.  
\n  See PR [#​3314](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3314) for details.\n\n## Fundamentals\n- **Add supported algorithm tests**  \n  Added new tests to validate the set of supported cryptographic algorithms, increasing confidence in algorithm coverage and compatibility.  \n  See PR [#​3296](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3296) for details.\n- **Migrate repository agent rules from `.clinerules` to `agents.md`**  \n  Moved repository agent/AI-assist rules into markdown documentation to make them more visible and easier to maintain.  \n  See PR [#​3313](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3313) for details.\n- **Migrate `Microsoft.IdentityModel.TestExtensions` from Newtonsoft.Json to System.Text.Json**  \n  Updated `Microsoft.IdentityModel.TestExtensions` to use `System.Text.Json` instead of `Newtonsoft.Json`, aligning tests with the runtime serialization stack.  \n  See PR [#​3356](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3356) for details.\n- **Disable code coverage comments**  \n  Turned off automated code coverage comments on PRs to reduce noise while retaining coverage data elsewhere.  \n  See PR [#​3349](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3349) for details.\n- **Fix CodeQL alerts**  \n  Addressed CodeQL-reported issues to improve security posture and static analysis cleanliness.  \n  See PR [#​3364](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3364) for details.\n\n### .NET 10 / SDK and tooling updates\n- **Building with .NET 10 preview / RC 1**  \n  Updated the repository to build and test against .NET 10.0 preview/RC1, ensuring early compatibility with the upcoming runtime.  
\n  See PRs [#​3287](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3287), [#​3357](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3357), and [#​3358](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3358) for details.\n- **Fix .NET 10 test execution consistency**  \n  Ensured consistent use of the `TargetNetNext` parameter across build, test, and pack phases so .NET 10.0 tests execute reliably.  \n  See PR [#​3337](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3337) for details.\n- **Update project files and workflows for .NET 10.0 compatibility**  \n  Adjusted project files and CI workflows to correctly target and run on .NET 10.0, including test and pack scenarios.  \n  See PR [#​3363](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3363) for details.\n- **Update .NET version to meet CG compliance**  \n  Updated the .NET version references to be compliant with corporate governance (CG) requirements.  \n  See PR [#​3353](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3353) for details.\n- **Update Coverlet collector and test SDK**  \n  - Bumped `CoverletCollectorVersion` to 6.0.4.  \n    See PR [#​3333](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3333) for details.  \n  - Upgraded `Microsoft.NET.Test.Sdk` to a newer version for improved test reliability and tooling support.  \n ... (truncated)\n\nCommits viewable in [compare view](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.14.0...8.15.0).\n\u003c/details\u003e\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/DFE-Digital/teaching-record-system/pull/3186","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/DFE-Digital%2Fteaching-record-system/issues/3186","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/3186/packages"}},{"old_version":"4.3.0","new_version":"4.4.0","update_type":"minor","path":null,"pr_created_at":"2026-03-02T22:53:08.000Z","version_change":"4.3.0 → 4.4.0","issue":{"uuid":"4013732453","node_id":"PR_kwDOFWBTks7HdYzl","number":8419,"state":"closed","title":"Bump Microsoft.Identity.Web from 4.3.0 to 
4.4.0","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-03-05T21:14:13.000Z","author_association":null,"state_reason":null,"created_at":"2026-03-02T22:53:08.000Z","updated_at":"2026-03-05T21:14:15.000Z","time_to_close":253265,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.Identity.Web","old_version":"4.3.0","new_version":"4.4.0","repository_url":"https://github.com/AzureAD/microsoft-identity-web"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web) from 4.3.0 to 4.4.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.Identity.Web's releases](https://github.com/AzureAD/microsoft-identity-web/releases)._\n\n## 4.4.0\n\n### New features\n- Add AOT-compatible web API authentication for .NET 10+. See [#​3705](https://github.com/AzureAD/microsoft-identity-web/pull/3705) and [#​3664](https://github.com/AzureAD/microsoft-identity-web/pull/3664).\n- Propagate long-running web API session key back to callers in user token acquisition. See [#​3728](https://github.com/AzureAD/microsoft-identity-web/pull/3728).\n- Add OBO event initialization for OBO APIs. See [#​3724](https://github.com/AzureAD/microsoft-identity-web/pull/3724).\n- Add support for calling `WithClientClaims` flow for token acquisition. See [#​3623](https://github.com/AzureAD/microsoft-identity-web/pull/3623).\n- Add `OnBeforeTokenAcquisitionForOnBehalfOf` event. See [#​3680](https://github.com/AzureAD/microsoft-identity-web/pull/3680).\n\n### Bug fixes\n- Throw `InvalidOperationException` with actionable message when a custom credential is not registered. See [#​3626](https://github.com/AzureAD/microsoft-identity-web/pull/3626).\n- Fix event firing for `InvokeOnBeforeTokenAcquisitionForOnBehalfOfAsync`. 
See [#​3717](https://github.com/AzureAD/microsoft-identity-web/pull/3717).\n- Update `OnBeforeTokenAcquisitionForOnBehalfOf` to construct `ClaimsPrincipal` from token. See [#​3714](https://github.com/AzureAD/microsoft-identity-web/pull/3714).\n- Add a retry counter for acquire token and updated tests with a fake secret. See [#​3682](https://github.com/AzureAD/microsoft-identity-web/pull/3682).\n- Fix OBO user error handling. See [#​3712](https://github.com/AzureAD/microsoft-identity-web/pull/3712).\n- Fix override merging for app token (and others). See [#​3644](https://github.com/AzureAD/microsoft-identity-web/pull/3644).\n- Fix certificate reload logic to only trigger on certificate-specific errors. See [#​3653](https://github.com/AzureAD/microsoft-identity-web/pull/3653).\n- Update ROPC flow CCA to pass `SendX5C` to MSAL. See [#​3671](https://github.com/AzureAD/microsoft-identity-web/pull/3671).\n\n### Dependencies updates\n- Bump `qs` in `/tests/DevApps/SidecarAdapter/typescript`. See [#​3725](https://github.com/AzureAD/microsoft-identity-web/pull/3725).\n- Downgrade Microsoft.Extensions.Configuration.Binder to 2.1.0 on .NET Framework. See [#​3730](https://github.com/AzureAD/microsoft-identity-web/pull/3730).\n- Update .NET SDK to 10.0.103 to address DOTNET-Security-10.0 vulnerability. See [#​3726](https://github.com/AzureAD/microsoft-identity-web/pull/3726).\n- Upgrade to Microsoft.Identity.Abstractions 11 for AoT compatibility. See [#​3699](https://github.com/AzureAD/microsoft-identity-web/pull/3699).\n- Update to MSAL 4.81.0. See [#​3665](https://github.com/AzureAD/microsoft-identity-web/pull/3665).\n\n### Documentation\n- Add documentation for auto-generated session key for long-running OBO session. See [#​3729](https://github.com/AzureAD/microsoft-identity-web/pull/3729).\n- Improve the Aspire doc article and skills. 
See [#​3695](https://github.com/AzureAD/microsoft-identity-web/pull/3695).\n- Add an article and agent skill to add Entra ID to an Aspire app. See [#​3689](https://github.com/AzureAD/microsoft-identity-web/pull/3689).\n- Fix misleading comment in `CertificatelessOptions.ManagedIdentityClientId`. See [#​3667](https://github.com/AzureAD/microsoft-identity-web/pull/3667).\n- Add Copilot explore tool functionality. See [#​3694](https://github.com/AzureAD/microsoft-identity-web/pull/3694).\n\n### Fundamentals\n- Remove unnecessary warning suppression. See [#​3715](https://github.com/AzureAD/microsoft-identity-web/pull/3715).\n- Migrate labs to Lab.API 2.x (first pass). See [#​3710](https://github.com/AzureAD/microsoft-identity-web/pull/3710).\n- Update Sidecar E2E test constants. See [#​3693](https://github.com/AzureAD/microsoft-identity-web/pull/3693).\n- Fix intermittent failures in `CertificatesObserverTests`. See [#​3687](https://github.com/AzureAD/microsoft-identity-web/pull/3687).\n- Add validation baseline exclusions. See [#​3684](https://github.com/AzureAD/microsoft-identity-web/pull/3684).\n- Add dSTS integration tests. See [#​3677](https://github.com/AzureAD/microsoft-identity-web/pull/3677).\n- Fix FIC test. See [#​3663](https://github.com/AzureAD/microsoft-identity-web/pull/3663).\n- Update IdentityWeb version, build logic, and validation. 
See [#​3659](https://github.com/AzureAD/microsoft-identity-web/pull/3659).\n\n### New Contributors\n* @​XiaoxinMS2 made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3677\n* @​RyAuld made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3687\n* @​agocke made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3664\n* @​MZOLN made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3700\n* @​christian-posta made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3644\n* @​4gust made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3682\n* @​rayluo made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3714\n\nCommits viewable in [compare view](https://github.com/AzureAD/microsoft-identity-web/compare/4.3.0...4.4.0).\n\u003c/details\u003e\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Microsoft.Identity.Web\u0026package-manager=nuget\u0026previous-version=4.3.0\u0026new-version=4.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/microsoft/kiota-samples/pull/8419","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/microsoft%2Fkiota-samples/issues/8419","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/8419/packages"}},{"old_version":"4.3.0","new_version":"4.4.0","update_type":"minor","path":null,"pr_created_at":"2026-03-02T04:14:06.000Z","version_change":"4.3.0 → 4.4.0","issue":{"uuid":"4009175261","node_id":"PR_kwDOO-Ae787HOZnh","number":173,"state":"open","title":"deps: Bump Microsoft.Identity.Web from 4.3.0 to 
4.4.0","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-02T04:14:06.000Z","updated_at":"2026-03-02T04:14:07.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"deps: Bump","packages":[{"name":"Microsoft.Identity.Web","old_version":"4.3.0","new_version":"4.4.0","repository_url":"https://github.com/AzureAD/microsoft-identity-web"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web) from 4.3.0 to 4.4.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.Identity.Web's releases](https://github.com/AzureAD/microsoft-identity-web/releases)._\n\n## 4.4.0\n\n### New features\n- Add AOT-compatible web API authentication for .NET 10+. See [#​3705](https://github.com/AzureAD/microsoft-identity-web/pull/3705) and [#​3664](https://github.com/AzureAD/microsoft-identity-web/pull/3664).\n- Propagate long-running web API session key back to callers in user token acquisition. See [#​3728](https://github.com/AzureAD/microsoft-identity-web/pull/3728).\n- Add OBO event initialization for OBO APIs. See [#​3724](https://github.com/AzureAD/microsoft-identity-web/pull/3724).\n- Add support for calling `WithClientClaims` flow for token acquisition. See [#​3623](https://github.com/AzureAD/microsoft-identity-web/pull/3623).\n- Add `OnBeforeTokenAcquisitionForOnBehalfOf` event. See [#​3680](https://github.com/AzureAD/microsoft-identity-web/pull/3680).\n\n### Bug fixes\n- Throw `InvalidOperationException` with actionable message when a custom credential is not registered. See [#​3626](https://github.com/AzureAD/microsoft-identity-web/pull/3626).\n- Fix event firing for `InvokeOnBeforeTokenAcquisitionForOnBehalfOfAsync`. 
See [#​3717](https://github.com/AzureAD/microsoft-identity-web/pull/3717).\n- Update `OnBeforeTokenAcquisitionForOnBehalfOf` to construct `ClaimsPrincipal` from token. See [#​3714](https://github.com/AzureAD/microsoft-identity-web/pull/3714).\n- Add a retry counter for acquire token and updated tests with a fake secret. See [#​3682](https://github.com/AzureAD/microsoft-identity-web/pull/3682).\n- Fix OBO user error handling. See [#​3712](https://github.com/AzureAD/microsoft-identity-web/pull/3712).\n- Fix override merging for app token (and others). See [#​3644](https://github.com/AzureAD/microsoft-identity-web/pull/3644).\n- Fix certificate reload logic to only trigger on certificate-specific errors. See [#​3653](https://github.com/AzureAD/microsoft-identity-web/pull/3653).\n- Update ROPC flow CCA to pass `SendX5C` to MSAL. See [#​3671](https://github.com/AzureAD/microsoft-identity-web/pull/3671).\n\n### Dependencies updates\n- Bump `qs` in `/tests/DevApps/SidecarAdapter/typescript`. See [#​3725](https://github.com/AzureAD/microsoft-identity-web/pull/3725).\n- Downgrade Microsoft.Extensions.Configuration.Binder to 2.1.0 on .NET Framework. See [#​3730](https://github.com/AzureAD/microsoft-identity-web/pull/3730).\n- Update .NET SDK to 10.0.103 to address DOTNET-Security-10.0 vulnerability. See [#​3726](https://github.com/AzureAD/microsoft-identity-web/pull/3726).\n- Upgrade to Microsoft.Identity.Abstractions 11 for AoT compatibility. See [#​3699](https://github.com/AzureAD/microsoft-identity-web/pull/3699).\n- Update to MSAL 4.81.0. See [#​3665](https://github.com/AzureAD/microsoft-identity-web/pull/3665).\n\n### Documentation\n- Add documentation for auto-generated session key for long-running OBO session. See [#​3729](https://github.com/AzureAD/microsoft-identity-web/pull/3729).\n- Improve the Aspire doc article and skills. 
See [#​3695](https://github.com/AzureAD/microsoft-identity-web/pull/3695).\n- Add an article and agent skill to add Entra ID to an Aspire app. See [#​3689](https://github.com/AzureAD/microsoft-identity-web/pull/3689).\n- Fix misleading comment in `CertificatelessOptions.ManagedIdentityClientId`. See [#​3667](https://github.com/AzureAD/microsoft-identity-web/pull/3667).\n- Add Copilot explore tool functionality. See [#​3694](https://github.com/AzureAD/microsoft-identity-web/pull/3694).\n\n### Fundamentals\n- Remove unnecessary warning suppression. See [#​3715](https://github.com/AzureAD/microsoft-identity-web/pull/3715).\n- Migrate labs to Lab.API 2.x (first pass). See [#​3710](https://github.com/AzureAD/microsoft-identity-web/pull/3710).\n- Update Sidecar E2E test constants. See [#​3693](https://github.com/AzureAD/microsoft-identity-web/pull/3693).\n- Fix intermittent failures in `CertificatesObserverTests`. See [#​3687](https://github.com/AzureAD/microsoft-identity-web/pull/3687).\n- Add validation baseline exclusions. See [#​3684](https://github.com/AzureAD/microsoft-identity-web/pull/3684).\n- Add dSTS integration tests. See [#​3677](https://github.com/AzureAD/microsoft-identity-web/pull/3677).\n- Fix FIC test. See [#​3663](https://github.com/AzureAD/microsoft-identity-web/pull/3663).\n- Update IdentityWeb version, build logic, and validation. 
See [#​3659](https://github.com/AzureAD/microsoft-identity-web/pull/3659).\n\n### New Contributors\n* @​XiaoxinMS2 made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3677\n* @​RyAuld made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3687\n* @​agocke made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3664\n* @​MZOLN made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3700\n* @​christian-posta made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3644\n* @​4gust made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3682\n* @​rayluo made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3714\n\nCommits viewable in [compare view](https://github.com/AzureAD/microsoft-identity-web/compare/4.3.0...4.4.0).\n\u003c/details\u003e\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Microsoft.Identity.Web\u0026package-manager=nuget\u0026previous-version=4.3.0\u0026new-version=4.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/microsoft/dragon-copilot-extension-samples/pull/173","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/microsoft%2Fdragon-copilot-extension-samples/issues/173","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/173/packages"}},{"old_version":"4.3.0","new_version":"4.4.0","update_type":"minor","path":null,"pr_created_at":"2026-03-02T03:21:30.000Z","version_change":"4.3.0 → 4.4.0","issue":{"uuid":"4009050501","node_id":"PR_kwDORLHFXM7HOAks","number":13,"state":"open","title":"chore(deps): Bump Microsoft.Identity.Web from 4.3.0 to 
4.4.0","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-03-02T03:21:30.000Z","updated_at":"2026-03-02T03:21:30.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): Bump","packages":[{"name":"Microsoft.Identity.Web","old_version":"4.3.0","new_version":"4.4.0","repository_url":"https://github.com/AzureAD/microsoft-identity-web"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web) from 4.3.0 to 4.4.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.Identity.Web's releases](https://github.com/AzureAD/microsoft-identity-web/releases)._\n\n## 4.4.0\n\n### New features\n- Add AOT-compatible web API authentication for .NET 10+. See [#​3705](https://github.com/AzureAD/microsoft-identity-web/pull/3705) and [#​3664](https://github.com/AzureAD/microsoft-identity-web/pull/3664).\n- Propagate long-running web API session key back to callers in user token acquisition. See [#​3728](https://github.com/AzureAD/microsoft-identity-web/pull/3728).\n- Add OBO event initialization for OBO APIs. See [#​3724](https://github.com/AzureAD/microsoft-identity-web/pull/3724).\n- Add support for calling `WithClientClaims` flow for token acquisition. See [#​3623](https://github.com/AzureAD/microsoft-identity-web/pull/3623).\n- Add `OnBeforeTokenAcquisitionForOnBehalfOf` event. See [#​3680](https://github.com/AzureAD/microsoft-identity-web/pull/3680).\n\n### Bug fixes\n- Throw `InvalidOperationException` with actionable message when a custom credential is not registered. See [#​3626](https://github.com/AzureAD/microsoft-identity-web/pull/3626).\n- Fix event firing for `InvokeOnBeforeTokenAcquisitionForOnBehalfOfAsync`. 
See [#​3717](https://github.com/AzureAD/microsoft-identity-web/pull/3717).\n- Update `OnBeforeTokenAcquisitionForOnBehalfOf` to construct `ClaimsPrincipal` from token. See [#​3714](https://github.com/AzureAD/microsoft-identity-web/pull/3714).\n- Add a retry counter for acquire token and updated tests with a fake secret. See [#​3682](https://github.com/AzureAD/microsoft-identity-web/pull/3682).\n- Fix OBO user error handling. See [#​3712](https://github.com/AzureAD/microsoft-identity-web/pull/3712).\n- Fix override merging for app token (and others). See [#​3644](https://github.com/AzureAD/microsoft-identity-web/pull/3644).\n- Fix certificate reload logic to only trigger on certificate-specific errors. See [#​3653](https://github.com/AzureAD/microsoft-identity-web/pull/3653).\n- Update ROPC flow CCA to pass `SendX5C` to MSAL. See [#​3671](https://github.com/AzureAD/microsoft-identity-web/pull/3671).\n\n### Dependencies updates\n- Bump `qs` in `/tests/DevApps/SidecarAdapter/typescript`. See [#​3725](https://github.com/AzureAD/microsoft-identity-web/pull/3725).\n- Downgrade Microsoft.Extensions.Configuration.Binder to 2.1.0 on .NET Framework. See [#​3730](https://github.com/AzureAD/microsoft-identity-web/pull/3730).\n- Update .NET SDK to 10.0.103 to address DOTNET-Security-10.0 vulnerability. See [#​3726](https://github.com/AzureAD/microsoft-identity-web/pull/3726).\n- Upgrade to Microsoft.Identity.Abstractions 11 for AoT compatibility. See [#​3699](https://github.com/AzureAD/microsoft-identity-web/pull/3699).\n- Update to MSAL 4.81.0. See [#​3665](https://github.com/AzureAD/microsoft-identity-web/pull/3665).\n\n### Documentation\n- Add documentation for auto-generated session key for long-running OBO session. See [#​3729](https://github.com/AzureAD/microsoft-identity-web/pull/3729).\n- Improve the Aspire doc article and skills. 
See [#​3695](https://github.com/AzureAD/microsoft-identity-web/pull/3695).\n- Add an article and agent skill to add Entra ID to an Aspire app. See [#​3689](https://github.com/AzureAD/microsoft-identity-web/pull/3689).\n- Fix misleading comment in `CertificatelessOptions.ManagedIdentityClientId`. See [#​3667](https://github.com/AzureAD/microsoft-identity-web/pull/3667).\n- Add Copilot explore tool functionality. See [#​3694](https://github.com/AzureAD/microsoft-identity-web/pull/3694).\n\n### Fundamentals\n- Remove unnecessary warning suppression. See [#​3715](https://github.com/AzureAD/microsoft-identity-web/pull/3715).\n- Migrate labs to Lab.API 2.x (first pass). See [#​3710](https://github.com/AzureAD/microsoft-identity-web/pull/3710).\n- Update Sidecar E2E test constants. See [#​3693](https://github.com/AzureAD/microsoft-identity-web/pull/3693).\n- Fix intermittent failures in `CertificatesObserverTests`. See [#​3687](https://github.com/AzureAD/microsoft-identity-web/pull/3687).\n- Add validation baseline exclusions. See [#​3684](https://github.com/AzureAD/microsoft-identity-web/pull/3684).\n- Add dSTS integration tests. See [#​3677](https://github.com/AzureAD/microsoft-identity-web/pull/3677).\n- Fix FIC test. See [#​3663](https://github.com/AzureAD/microsoft-identity-web/pull/3663).\n- Update IdentityWeb version, build logic, and validation. 
See [#​3659](https://github.com/AzureAD/microsoft-identity-web/pull/3659).\n\n### New Contributors\n* @​XiaoxinMS2 made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3677\n* @​RyAuld made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3687\n* @​agocke made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3664\n* @​MZOLN made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3700\n* @​christian-posta made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3644\n* @​4gust made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3682\n* @​rayluo made their first contribution in https://github.com/AzureAD/microsoft-identity-web/pull/3714\n\nCommits viewable in [compare view](https://github.com/AzureAD/microsoft-identity-web/compare/4.3.0...4.4.0).\n\u003c/details\u003e\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Microsoft.Identity.Web\u0026package-manager=nuget\u0026previous-version=4.3.0\u0026new-version=4.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/Karinateii/PayGuard-AI/pull/13","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Karinateii%2FPayGuard-AI/issues/13","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/13/packages"}},{"old_version":"4.3.0","new_version":"4.4.0","update_type":"minor","path":null,"pr_created_at":"2026-02-28T01:05:06.000Z","version_change":"4.3.0 → 4.4.0","issue":{"uuid":"4003508283","node_id":"PR_kwDOC4rwTc7G89wn","number":1537,"state":"closed","title":"Bump Microsoft.Identity.Web from 4.3.0 to 
4.4.0","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":["berviantoleo"],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-02-28T01:05:28.000Z","author_association":null,"state_reason":null,"created_at":"2026-02-28T01:05:06.000Z","updated_at":"2026-02-28T01:05:32.000Z","time_to_close":22,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.Identity.Web","old_version":"4.3.0","new_version":"4.4.0","repository_url":"https://github.com/AzureAD/microsoft-identity-web"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web) from 4.3.0 to 4.4.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.Identity.Web's releases](https://github.com/AzureAD/microsoft-identity-web/releases)._\n\nNo release notes found for this version range.\n\nCommits viewable in [compare view](https://github.com/AzureAD/microsoft-identity-web/commits).\n\u003c/details\u003e\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Microsoft.Identity.Web\u0026package-manager=nuget\u0026previous-version=4.3.0\u0026new-version=4.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. 
You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/bervProject/SimplePasswordManagerService/pull/1537","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/bervProject%2FSimplePasswordManagerService/issues/1537","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1537/packages"}},{"old_version":null,"new_version":null,"update_type":null,"path":null,"pr_created_at":"2026-01-13T09:14:06.000Z","version_change":null,"issue":{"uuid":"3807914168","node_id":"PR_kwDOGSmsxM684cdg","number":2976,"state":"open","title":"Bump Microsoft.Identity.Web and 2 
others","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-01-13T09:14:06.000Z","updated_at":"2026-01-17T11:35:46.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.Identity.Web","repository_url":"https://github.com/AzureAD/microsoft-identity-web"},{"name":"2 others"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web) from 4.0.1 to 4.3.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.Identity.Web's releases](https://github.com/AzureAD/microsoft-identity-web/releases)._\n\n## 4.3.0\n\n### New features\n- Added token binding (mTLS PoP) scenario for confidential client (app-only) token acquisition and downstream API calls. See [#​3622](https://github.com/AzureAD/microsoft-identity-web/pull/3622).\n\n### Dependencies updates\n- Bumped **qs** from 6.14.0 to 6.14.1 in /tests/DevApps/SidecarAdapter/typescript. See [#​3660](https://github.com/AzureAD/microsoft-identity-web/pull/3660).\n\n### Documentation\n- Modernized Identity Web documentation, which can now be found in [docs](https://github.com/AzureAD/microsoft-identity-web/tree/master/docs). See [#​3566](https://github.com/AzureAD/microsoft-identity-web/pull/3566).\n- Added token binding (mTLS PoP) documentation. See [#​3661](https://github.com/AzureAD/microsoft-identity-web/pull/3661).\n\n## 4.2.0\n\n# What's Changed\n\n## New features\n\n- Added CAE claims support for FIC + Managed Identity. See #​3647 for details.\n- Added AddMicrosoftIdentityMessageHandler extension methods for IHttpClientBuilder. See #​3649 for details.\n\n## Bug fixes\n\n\n- Fixed tenant not being propagated in credential FIC acquisition. 
See #​3633 for details.\n- Fixed ForAgentIdentity hardcoded 'AzureAd' ConfigurationSection to respect AuthenticationOptionsName. See #​3635 for details.\n- Fixed GetTokenAcquirer to propagate MicrosoftEntraApplicationOptions properties. See #​3651 for details.\n- Added meaningful error message when identity configuration is missing. See #​3637 for details.\n\n## Dependencies updates\n\n- Update Microsoft.Identity.Abstractions to version 10.0.0.\n- Bump express from 5.1.0 to 5.2.0 in /tests/DevApps/SidecarAdapter/typescript. #​3636\n- Bump jws from 3.2.2 to 3.2.3 in /tests/DevApps/SidecarAdapter/typescript. #​3641\n\n## Fundamentals\n\n- Update support policy. #​3656\n- Update agent identity coordinates in E2E tests after deauth. #​3640\n- Update E2E agent identity configuration to new tenant. #​3646\n\n\n**Full Changelog**: https://github.com/AzureAD/microsoft-identity-web/compare/4.1.1...4.2.0\n\n## 4.1.1\n\n### Bug fixes\n- Authority-only configuration parsing improvements: Early parsing of Authority into Instance/TenantId and defensive fallback in PrepareAuthorityInstanceForMsal. Behavior is backward compatible; Authority is still ignored when Instance/TenantId explicitly provided—now surfaced via a warning. See [#​3612](https://github.com/AzureAD/microsoft-identity-web/issues/3612).\n\n### New features\n- Added warning diagnostics for conflicting Authority vs Instance/TenantId: Emitting a single structured warning when both styles are provided. See [#​3611](https://github.com/AzureAD/microsoft-identity-web/issues/3611).\n\n### Fundamentals\n- Expanded authority test matrix: Coverage for AAD (v1/v2), B2C (/tfp/ normalization, policy path), CIAM (PreserveAuthority), query parameters, scheme-less forms, and conflict scenarios. See [#​3610](https://github.com/AzureAD/microsoft-identity-web/issues/3610).\n\n## 4.1.0\n\n### New features\n- Migrate to .NET 10 GA. 
[#​3449](https://github.com/AzureAD/microsoft-identity-web/pull/3449) and [#​3590](https://github.com/AzureAD/microsoft-identity-web/pull/3590)\n\n### Dependencies updates\n- Bump MSAL.NET to version [4.79.2](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/releases/tag/4.79.2) and handle changes to deprecated WithExtraQueryParameters APIs. [#​3583](https://github.com/AzureAD/microsoft-identity-web/pull/3583)\n- Update Microsoft.IdentityModel and Abstractions versions. [#​3604](https://github.com/AzureAD/microsoft-identity-web/pull/3604)\n- Update coverlet.collector to 6.0.4. [#​3587](https://github.com/AzureAD/microsoft-identity-web/pull/3587)\n- Update package validation baseline version to 4.0.0. [#​3589](https://github.com/AzureAD/microsoft-identity-web/pull/3589)\n- Bump js-yaml from 4.1.0 to 4.1.1 in /tests/DevApps/SidecarAdapter/typescript. [#​3595](https://github.com/AzureAD/microsoft-identity-web/pull/3595)\n\n### Entra ID SDK sidecar\n- Restrict hosts to localhost for sidecar. [#​3579](https://github.com/AzureAD/microsoft-identity-web/pull/3579)\n- Update http file to match endpoints. [#​3555](https://github.com/AzureAD/microsoft-identity-web/pull/3555)\n- Revise sidecar issue template for Entra ID. [#​3577](https://github.com/AzureAD/microsoft-identity-web/pull/3577)\n\n### Documentation\n- Update README to include Entra SDK container info. [#​3578](https://github.com/AzureAD/microsoft-identity-web/pull/3578)\n\n### Fundamentals\n- Include NET 9.0 in template-install-dependencies. [#​3593](https://github.com/AzureAD/microsoft-identity-web/pull/3593)\n- Fix CodeQL alerts. [#​3591](https://github.com/AzureAD/microsoft-identity-web/pull/3591)\n- Suppression file is needed. 
[#​3592](https://github.com/AzureAD/microsoft-identity-web/pull/3592)\n\nCommits viewable in [compare view](https://github.com/AzureAD/microsoft-identity-web/compare/4.0.1...4.3.0).\n\u003c/details\u003e\n\nPinned [Microsoft.IdentityModel.Protocols.OpenIdConnect](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) at 8.15.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.IdentityModel.Protocols.OpenIdConnect's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._\n\n## 8.15.0\n\n## New Features\n- **Add ECDsa support in `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey`**  \n  Extended `X509SecurityKey` and `JsonWebKeyConverter.ConvertFromX509SecurityKey` to support ECDSA keys.  \n  See PR [#​2377](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2377) for details.\n\n## Bug Fixes\n- **Sanitize logs to avoid leaking sensitive data**  \n  Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs.  \n  See PR [#​3316](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3316) for details.\n- **Optimize log sanitization with `SearchValues`**  \n  Improved the performance of the log sanitization logic introduced earlier by using `SearchValues`, making sanitization more efficient in high-throughput scenarios.  \n  See PR [#​3341](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3341) for details.\n- **Update test for `IDX10400`**  \n  Adjusted the `IDX10400` test to align with the current behavior and error messaging.  
\n  See PR [#​3314](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3314) for details.\n\n## Fundamentals\n- **Add supported algorithm tests**  \n  Added new tests to validate the set of supported cryptographic algorithms, increasing confidence in algorithm coverage and compatibility.  \n  See PR [#​3296](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3296) for details.\n- **Migrate repository agent rules from `.clinerules` to `agents.md`**  \n  Moved repository agent/AI-assist rules into markdown documentation to make them more visible and easier to maintain.  \n  See PR [#​3313](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3313) for details.\n- **Migrate `Microsoft.IdentityModel.TestExtensions` from Newtonsoft.Json to System.Text.Json**  \n  Updated `Microsoft.IdentityModel.TestExtensions` to use `System.Text.Json` instead of `Newtonsoft.Json`, aligning tests with the runtime serialization stack.  \n  See PR [#​3356](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3356) for details.\n- **Disable code coverage comments**  \n  Turned off automated code coverage comments on PRs to reduce noise while retaining coverage data elsewhere.  \n  See PR [#​3349](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3349) for details.\n- **Fix CodeQL alerts**  \n  Addressed CodeQL-reported issues to improve security posture and static analysis cleanliness.  \n  See PR [#​3364](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3364) for details.\n\n### .NET 10 / SDK and tooling updates\n- **Building with .NET 10 preview / RC 1**  \n  Updated the repository to build and test against .NET 10.0 preview/RC1, ensuring early compatibility with the upcoming runtime.  
\n  See PRs [#​3287](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3287), [#​3357](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3357), and [#​3358](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3358) for details.\n- **Fix .NET 10 test execution consistency**  \n  Ensured consistent use of the `TargetNetNext` parameter across build, test, and pack phases so .NET 10.0 tests execute reliably.  \n  See PR [#​3337](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3337) for details.\n- **Update project files and workflows for .NET 10.0 compatibility**  \n  Adjusted project files and CI workflows to correctly target and run on .NET 10.0, including test and pack scenarios.  \n  See PR [#​3363](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3363) for details.\n- **Update .NET version to meet CG compliance**  \n  Updated the .NET version references to be compliant with corporate governance (CG) requirements.  \n  See PR [#​3353](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3353) for details.\n- **Update Coverlet collector and test SDK**  \n  - Bumped `CoverletCollectorVersion` to 6.0.4.  \n    See PR [#​3333](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3333) for details.  \n  - Upgraded `Microsoft.NET.Test.Sdk` to a newer version for improved test reliability and tooling support.  \n ... (truncated)\n\n## 8.14.0\n\n8.14.0\n====\n## Bug Fixes\n- Switch back to use `ValidationResult` instead of `OperationResult` when validating a token in a new experimental validation flow. Additionally removed the dependency on Microsoft.IdentityModel.Abstractions. 
See [#​3299](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3299) for details.\n\n## 8.13.1\n\n8.13.1\n====\n## Dependencies\nMicrosoft.IdentityModel now depends on Microsoft.Identity.Abstractions 9.3.0\n\n## Bug Fixes\n- Fixed a decompression failure happening for large JWE payloads. See [#​3286](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3286) for details.\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Update the validation methods to return Microsoft.Identity.Abstractions.OperationResult. See [#​3284](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3284) for details.\n\n8.13.0\n\n## 8.13.0\n\n8.13.0\n====\n### Fundamentals\n- `CaseSensitiveClaimsIdentity.SecurityToken` setter is now protected internal (was internal). See PR [#​3278](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278) for details.\n- Update .NET SDK version to 9.0.108 used when building or running the code. See PR [#​3274](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274) for details.\n- Update RsaSecurityKey.cs to replace the Pkcs1 padding by Pss from HasPrivateKey check. 
See [#​3280](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280) for details.\n\n## What's Changed\n* Make CaseSensitiveClaimsIdentity.SecurityToken setter protected by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3278\n* Update .NET SDK version in global.json from 9.0.107 to 9.0.108 by @​Copilot in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274\n* Update RsaSecurityKey.cs to remove Pkcs 1 by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3280\n* changelog for 8.13 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3282\n\n## New Contributors\n* @​Copilot made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3274\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.1...8.13.0\n\n## 8.12.1\n\n8.12.1\n====\n### Fundamentals\n- Update .NET SDK version to 9.0.107 used when building or running the code. See [#​3263](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263) for details.\n- To keep our experimental code separate from production code, all files associated with experimental features have been moved to the Experimental folders. See PR [#​3261](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261) for details.\n- Experimental code leaked into TokenValidationResult from early prototypes. 
See PR [#​3259](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259) for details.\n\n## What's Changed\n* Remove experimental code from TokenValidationResult by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3259\n* Moved files to experimental folder by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3261\n* Update global.json to latest by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3263\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.12.0...8.12.1\n\n## 8.12.0\n\n8.12.0\n====\n\n## New Features\n- **Enhance ConfigurationManager with event handling**  \n  Added event handling capabilities to the `ConfigurationManager`, enabling consumers to subscribe to configuration change events. This enhancement improves extensibility and allows more responsive applications. For details see [#​3253](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3253)  \n\n## Bug Fixes\n- **Add expected Base64UrlEncoder.Decode overload for NET6 and 8**  \n  Introduced the expected overload of `Base64UrlEncoder.Decode` for .NET 6 and 8, ensuring compatibility and preventing missing method issues on these frameworks.  \n  For details see [#​3249](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3249)  \n\n## Fundamentals\n- **Add AI assist rules**  \n  Incorporated AI assist rules to enhance AI agents' effectiveness.  \n  For details see [#​3255](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255)  \n- **Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0**  \n  Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added). 
 \n  For details see [#​3256](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256)  \n- **Move suppression of RS006 to csproj**  \n  Centralized suppression of RS006 warnings in project files for easier management.  \n  For details see [#​3230](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230)\n\n## What's Changed\n* Move suppression of RS006 to csproj. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3230\n* Add expected Base64UrlEncoder.Decode overload for NET6 and 8 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3250\n* add ai assist rules by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3255\n* Enhance ConfigurationManager with event handling by @​GeoK in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3254\n* Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0 by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3256\n* Update CHANGELOG.md for 8.12.0 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3258\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.11.0...8.12.0\n\n## 8.11.0\n\n8.11.0\n=====\n## New Features:\n- Microsoft.IdentityModel now exposes the AadIssuerValidator factory method publicly to enable caching functionality for AadIssuerValidator instances. 
See issue [#​3245](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3245) for details.\n- Added a new public async API: `JsonWebTokenHandler.DecryptTokenWithConfigurationAsync`, which decrypts a JWE token using keys from either `TokenValidationParameters` or, if not present, from configuration (such as via a ConfigurationManager). This enhancement improves developer experience by enabling asynchronous, cancellation-aware JWE decryption scenarios, aligning with modern .NET async patterns and making integration with external key/configuration sources more robust and observable. See PR [#​3243](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3243) for details.\n\n## What's Changed\n* few updates by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3242\n* Changelog for 8.10.0 by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3241\n* Exposes publicly override of AadIssuerValidator factory taking a delegate by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3244\n* update current version to 8.10.0 by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3246\n* Add DecryptTokenWithConfiguration API by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3243\n* changelog for 8.11 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3248\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.10.0...8.11.0\n\n## 8.10.0\n\n8.10.0\n=====\n## Bug Fixes\n- Corrected casing of the Type attribute in SubjectConfirmationData. 
See [#​3206](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3206).\n- Removed Microsoft.Bcl.Memory dependency for pre-.NET 9.0 targets. See [#​3220](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/33784b8ec0ff4300efad788535f90b3adc5bdfd1).\n- Aligned Microsoft.Extensions.Logging.Abstractions version to 8.0.0 for .NET 9 to match other targets. See [#​3226](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/793bd34e945eb8ba7528cf87c4a29a29c4704a65).\n\n## Fundamentals\n- Introduced Long-Term Support (LTS) policy. See [#​3228](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/946bec18cdeb26b8133a04e8c056dd5f17588f89) and [#​3232](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/commit/14842aedb3d57c32b9ce784061cd9beccbdd1eb1).\n\n## 8.9.0\n\n8.9.0\n=====\n## Bug Fixes\n- syncAfter has been updated to preserve UTC information, addressing a bug where GetConfigurationAsync does not refresh configuration in ConfigurationManager. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3213.\n- Fixed a null reference issue in KeyInfo. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3203.\n\n## New Features\n- Introduced a new delegate for reading custom token payload values on JsonWebToken. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2981.\n- Added an overload for ReadJsonWebToken to take a ReadOnlyMemory. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3205.\n\n## Fundamentals\n- Utilized IList to avoid enumerator allocation during audience validation. 
See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3204.\n\n## 8.8.0\n\n8.8.0\n=====\n## New Features\n- Adds the ability for the metadata refresh to be done as a blocking call, as per 8.0.1 behavior. This is done through the `Switch.Microsoft.IdentityModel.UpdateConfigAsBlocking` switch. If set, configuration calls will be blocking when metadata is updated, otherwise, if tokens arrive with new signing keys, validation errors will be returned to the caller. See PR [#​3193](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3193) for details.\n- Identity.Model updates some log and error messages (IDX10214, IDX10215). If the information is needed for debugging purposes, it can be reverted via the `Switch.Microsoft.IdentityModel.DoNotScrubExceptions` AppContextSwitch. See PR [#​3195](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3195) and https://aka.ms/identitymodel/app-context-switches for details.\n- Change all plain object locks to `System.Thread.Lock` objects for .NET 9 or greater. See PRs [#​3185](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3185) and [#​3189](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3189) for details.\n\n\n## 8.7.0\n\n## Bug Fixes\n- Add back internal methods `IsRecoverableException` and `IsRecoverableExceptionType` whose signatures were changed in the previous version. See [#​3181](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3181).\n\n## New Features\n- Make `Cnf` class public and move it to Microsoft.IdentityModel.Tokens package. 
See [#​3165](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3165).\n\n## What's Changed\n* Post Release 8.6.1 cleanup  by @​mdchennu in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3160\n* Updates CodeQL.yaml to exclude test files by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3163\n* Adds explanation for CodeQL warnings by @​sruke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3167\n* Fix typo by @​rstm-sf in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3175\n* Need to change the locks by @​JoshLozensky in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3171\n* Move CNF from SHR to M.IM.Tokens by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3168\n* Add back IsRecoverableException methods. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3183\n* Revert \"Need to change the locks\" by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3186\n* 8.7.0 changelog by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3184\n\n## New Contributors\n* @​rstm-sf made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3175\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.6.1...8.7.0\n\n## 8.6.1\n\n8.6.1\n=====\n## Bug fix\n- Microsoft.IdentityModel now triggers a configuration refresh if token decryption fails. 
See issue [#​3148](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3148) for details.\n- Fix a bug in `JsonWebTokenHandler` where `JwtTokenDecryptionParameters`'s `Alg` and `Enc` were not set during token decryption, causing `IDX10611` and `IDX10619` errors to show null values in the messages. See issue [#​3003](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3003) for details.\n\n## Fundamentals\n- For development, IdentityModel now has a global.json file to specify the .NET SDK version. See issue [#​2995](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2995) for details.\n\n## What's Changed\n* Update version.props to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3145\n* Update the public API shipped files by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3146\n* Add global.json file by @​mdchennu in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3153\n* Trigger metadata refresh for token decryption errors by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3149\n* Populate error messages correctly from JwtTokenUtilities.DecryptJwtToken by @​ksaaf in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3152\n* first changelog update by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3156\n\n## New Contributors\n* @​mdchennu made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3153\n* @​ksaaf made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3152\n\n**Full Changelog**: 
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.6.0...8.6.1\n\n## 8.6.0\n\n8.6.0\n=====\n## New Features\n- TokenValidationParameters has a new boolean property `TryAllDecryptionKeys` that lets you choose whether to try all decrypt keys when no key matches the token decrypt key IDs. By default it's set to **true** (legacy behavior) but you can set it to false to avoid trying all keys which is more performant. See [#​3128](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3128)\n- Promote KeyInfo.MatchesKey from internal to protected internal virtual to enable SAML extensibility (for CoreWcf). See [#​3140](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3140)\n\n## Fundamentals\n* Update dependency on Microsoft.Extensions.Logging.Abstractions from 9.0.0 to 8.0.2 to avoid package downgrade in apps on .NET 9 using a netstandard2.0 library referencing logging.abstractions. See [3143](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3143)\n* Add more tests for encrypted tokens. See [#​3139](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3139)\n\n## What's Changed\n* Update CHANGELOG.md by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3133\n* Update version.props to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3137\n* Add TryAllDecryptionKeys flag to whether decrypt if no key IDs match by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3128\n* Change KeyInfo.MatchesKey from internal to protected internal virtual. 
by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3140\n* Fix #​3112 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3143\n* Add more auto-decryption related tests by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3139\n* Update changelog.md for 8.6.0 by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3144\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.5.0...8.6.0\n\n## 8.5.0\n\n8.5.0\n=====\n## Reverting previous breaking change\n- The Configuration Manager has been reverted to version 8.3.1. The changes made in 8.4.0 assume the configuration manager is used as a singleton, which is similar to marking the type as disposable. We have since learned that [adding IDisposable is a breaking change](https://learn.microsoft.com/en-us/dotnet/fundamentals/runtime-libraries/system-idisposable), so we are following [semver guidance](https://semver.org/#what-do-i-do-if-i-accidentally-release-a-backward-incompatible-change-as-a-minor-version) and reverting and releasing a minor version (8.5.0).\n- Cherry-picked Changes: Included changes from PR [#​3022](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3022) and [#​3104](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3104).\n\n## What's Changed\n* Update version.props by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3126\n* fix formatting error by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3134\n* Revert configuration manager to 8.3.1 by @​keegan-caruso in 
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3132\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.4.0...8.5.0\n\n## 8.4.0\n\n8.4.0\n=====\n## New Features\n- App context switch allows blocking or non-blocking calls for configuration. See PR [#​3106](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3106) for details and issue [#​3082](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3082) for details. If you are not using the ConfigurationManager as a singleton and not using the blocking option, you may need to call ShutdownBackgroundTask() to stop the background task to avoid leaking Tasks.\n- IdentityModel now enables symmetric and asymmetric keys to be created publicly with JWK. See [#​3094](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3094) for details.\n- IdentityModel now allows specifying the HTTP protocol version and version policy. See [#​2808](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2808) for details.\n\n## Repair items\n- Add request count and duration telemetry for configuration requests. See [#​3022](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3022) for details.\n- `KeyID` should be present in exception messages and is no longer PII. See [#​3104](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3104) for details.\n\n## Fundamentals\n- Fix spelling issues in xml comments. See [#​3117](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3117) for details.\n- Fix comment coverage in PR builds. 
See [#​3079](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3079) for details.\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- See [#​3056](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3056). [#​3100](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3100), [#​3017](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3107), and [#​3111](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3111).\n- Add internal virtual on TokenHandler. See [#​3084](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3084) for details.\n\n* @​prochnowc made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2809\n\n## 8.3.1\n\n8.3.1\n=====\n## Bug Fixes\n* Respect TVP.RequireAudience when set to false. See [#​3055](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3055)\n* For net4.6.2 select RSACng for PSS support. See [#​3097](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3097)\n* Fix package downgrade in consuming libraries. See[#​3062](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3062)\n* Fix integer overflow in `AuthenticationEncryptionProvider.cs`. See [#​3063](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063)\n\n## Fundamentals\n* Removed unused property on JsonWebToken ClaimsIdentity. See [#​3071](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/3071) for details.\n* Upgrade to C# 13. 
See [#​2998](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2998)\n* Use new Base64Url API. See [#​22817](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2817)\n* Add warning quality check. See [#​3067](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3067)\n* Update dotnet actions. see [#​3074](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3074)\n* Fix warnings. See [#​3081](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3081)\n* Test updates in JsonWebToken. See [#​3080](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3080).\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- [#​3027](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3027), [#​3028](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3028), [#​3051](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3051), [#​3054](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3054)\n\n## What's Changed\n* Update CHANGELOG.md by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3053\n* Extensibility tests: Audience - JWT, SAML and SAML2 by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3027\n* Extensibility tests: Lifetime - JWT, SAML and SAML2 by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3028\n* Implement lazy ClaimsIdentity creation from ValidatedToken on SAML and SAML2 on the new validation model by 
@​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3051\n* Add logging to the new validation model by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3054\n* update version by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3057\n* lower version to avoid downgrades. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3058\n* Respect TVP.RequireAudience when set to false by @​kllysng in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3055\n* Fix package downgrade in consuming libraries by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3062\n* Add slnf for running perf and stress tests by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3066\n* Add Warning Quality Check Build Task 🔨 by @​kllysng in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3067\n* Update template-Build-run-tests-sign.yml by @​ciaozhang in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3069\n* Removed unused property on JsonWebToken by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3072\n* Update setup dotnet actions by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3074\n* fixed #​2983 and re-add code coverage comments to PRs by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3076\n* Remove duplicate keyid into var keysAttempted by @​bdapoigny in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2899\n* Upgrade to C# 
13 by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2998\n* Use new Base64Url API by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2817\n* Update common.props by @​ciaozhang in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3078\n* fix warnings by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3081\n* Fixed integer overflow in AuthenticatedEncryptionProvider.cs by @​gparametr in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063\n* Test updates by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3080\n* For net4.6.2 select RSACng for PSS support. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3085\n* changelog for 8.3.1 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3098\n\n## New Contributors\n* @​bdapoigny made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2899\n* @​gparametr made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3063\n\n ... (truncated)\n\n## 8.3.0\n\n## New features\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n* SAML and SAML2 new model validation: Token Replay. 
See [#​2994](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2994)\n* Extensibility tests: Token Type - JWT ([#​3030](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3030)), Issuer - SAML and SAML2 ([#​3026](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3026)), Algorithm and Signature - JWT, SAML and SAML2 ([#​3034](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3034)), Token Replay - JWT, SAML and SAML2 ([#​3032](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3032)),  Issuer signing key - JWT, SAML and SAML2 ([#​3029](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/302))\n* Avoid code duplication in extensibility testing. See [#​3041](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3041)\n* Extensibility Testing: Refactor. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3011\n* Remove duplicate code in extensibility tests. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3044\n\n## Bug fixes\n* Fix bug with AadIssuerValidator. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3042\n* Fixed SignedHttpRequest flaky test. See [#​3037](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3037)\n \n## Fundamentals\n* Install all .NET versions in pipeline to fix run tests task. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3018\n* Changelog for 8.2.1. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3009\n* Remove unnecessary AoT test project. 
See in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3045\n* Fix powershell script for nuget update. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3046\n* Update to next version. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3010\n* Disable Coverage PR comments. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3048\n* Updates GitHub Action to support long paths, See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3049\n* Stack parameters to improve reading of code. See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3031\n\n## New Contributors\n* @​ssmelov made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3042\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.2.1...8.3.0\n\n## 8.2.1\n\n8.2.1\n=====\n### New features\n- Update to use .NET 9 GA. See [2990](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2990).\n\n### Bug fixes\n- Remove dependency on Microsoft.Bcl.TimeProvider for .NET 8+ targets. See [2935](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2935).\n- Update cgmanifest to align with the JSON schema. See [2969](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969).\n\n### Fundamentals\n- Streamline token creation in `SecurityTokenDescriptor`. See [2993](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2993).\n- Prevent inlining to guarantee stack frames in test. 
See [2999](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2999).\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Simplify stack frame caching. See [2976](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2976).\n- Implement reading SAML and SAML2 tokens. See [2980](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2980).\n- Implement validating SAML signature. See [2950](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2950).\n- Add tests for `IssuerExtensibility`. See [2987](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2987).\n- Add validation for SAML and SAML2 issuer signing key. See [2965](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2965).\n- Add validation for SAML and SAML2 algorithm. 
See [2984](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2984).\n\n## What's Changed\n* Microsoft.Rest.ClientRuntime has been deprecated, which results in so… by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2970\n* Update to next version after 8.2.0 release by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2975\n* Consolidating test statics by @​trwalke in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2956\n* New token validation model: Simplify stack frame caching by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2976\n* Remove dependency on Microsoft.Bcl.TimeProvider for .NET 8+ targets by @​filipnavara in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2935\n* Update cgmanifest to align with the JSON schema by @​jeffhandley in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969\n* SAML and SAML2 new model validation: Read Token by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2980\n* SAML2 new model validation: Signature by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2961\n* JsonWebTokenHandler IssuerExtensibility by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2987\n* SAML and SAML2 new model validation: Issuer Signing Key by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2965\n* Ignore AotCompatibilityTests on ADO by @​jmprieur in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2992\n* SAML and SAML2 new model validation: Algorithm by @​iNinja in 
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2984\n* Use SecurityTokenDescriptor when creating tokens by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2991\n* Prevent inlining to guarantee stack frames in test by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3002\n* Update to .NET 9 GA. Update some test dependencies. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2990\n* Add Abstractions.Tests to strong name bypass file. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3004\n\n## New Contributors\n* @​jeffhandley made their first contribution in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2969\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.2.0...8.2.1\n\n## 8.2.0\n\n8.2.0\n=====\n### Fundamentals\n- Update System.Text.Json to 8.0.5 CVE-2024-43485. See [2892](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2892).\n- Using FixedTimeEquals in NETCore targets. 
See [2857](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2857).\n- Updated .NET 9 to RC 2 [2898](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2898).\n- Adds ability to create token without kid [2968](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2968)\n- Enables code coverage in PRs [2946](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2946)\n- Various test improvements:\n- [#​2953](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2953)\n- [#​2955](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2955)\n- [#​2951](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2951)\n- [#​2952](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2952)\n- [#​2947](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2947)\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- Validates Audience for SAML2TokenHandler with New Model [2863](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2863)\n- Improvements to AudienceValidation [2902](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2902)\n- Added properties to ValidationResult [2923](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2923)\n- Implements Audience and Lifetime validations in SamlSecurityTokenHandler [2925](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2925)\n- Implements Issuer validation in SamlSecurityTokenHandler 
[2948](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2948)\n\n## What's Changed\n* update to next version by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2890\n* Use FixedTimeEquals in NETCore targets  by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2857\n* Update System.Text.Json to 8.0.5 CVE-2024-43485 by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2892\n* Update .NET 9 to RC 2 by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2898\n* Validate Audience for SAML2TokenHandler with New Model by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2863\n* Regression tests: Issuer by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2868\n* Mark Wilson APIs as Shipped by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2903\n* Add Tests for Lifetime Validation Using New Validation Model For SAML2 by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2906\n* Suggested changes to AudienceValidation by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2902\n* Extensibility tests: Audience by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2861\n* Added properties to ValidationResult without throwing by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2923\n* Extensibility tests: Lifetime by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2867\n* Regression tests: Issuer 
signing key by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2927\n* Do not serialize CaseSensitiveClaimsIdentity.SecurityToken. by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2896\n* Fix typo by @​westin-m in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2894\n* Implement and Test Audience and Lifetime validations in SamlSecurityTokenHandler with New Validation Model by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2925\n* Fix Flaky Tests: NameAndRoleClaimDelegates and RoleClaims by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2873\n* Regression tests: Signature by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2930\n* Validate Issuer Using New Validation Model in Saml2SecurityTokenHandler by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2929\n* Fix builds on macOS / Linux using the build.sh script by @​filipnavara in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2937\n* Regression tests: Algorithm by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2934\n* Regression tests: Token Type by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2932\n* Regression tests: Token Replay by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2931\n* Fix DevEx and IDDP builds such that when building internally, use an internal Nuget feed instead of nuget.org by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2936\n* Restore 
PopKeyResolvingTests.GetPopKeysFromJkuAsync by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2947\n* Restore skipped test: ReferenceCountingTest_MultiThreaded by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2952\n* Restore EnsureAotCompatibility test by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2951\n ... (truncated)\n\n## 8.1.2\n\n## What's Changed\n\n### Bug fixes\n\n* CaseSensitiveClaimsIdentity.Clone() now returns a `CaseSensitiveClaimsIdentity` as expected, by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2879\n* Multiple unused and unusable (for the moment) public APIs were removed. These were introduced by mistake leaking from the work done on logging and exception handling, by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2888\n\n### Fundamentals\n* Enabled PublicApiAnalyzers to better understand and trace changes to the public API, by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2782\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.1.1...8.1.2\n\n## 8.1.1\n\n8.1.1\n=====\n### Bug fixes\n- Fix bug where ConfigurationManager was updating keys too frequently. 
See [2866](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2866) for details.\n\n## What's Changed\n* Rename validation delegates by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2847\n* Remove TransformBeforeSignatureValidationDelegate from ValidationParameters by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2848\n* Add disable discovery enumeration = true to all theory tests by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2849\n* Make CaseSensitiveClaimIdentity serializable by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2850\n* Remove Obsolete BinaryFormatter  by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2851\n* Refactor ValidateConditions in Saml2SecurityTokenHandler by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2855\n* Set custom BenchmarkDotNetconfig as default by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2852\n* Regression tests: Audience by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2838\n* Fix ValidateJsonWebTokenClaimMapping Flaky Test 🐞 by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2859\n* update current version by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2862\n* Regression tests: Lifetime by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2839\n* Rename ResolveTokenDecryptionKeyDelegate to DecryptionKeyResolverDelegate by @​iNinja in 
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2869\n* Set internal _syncAfter using only AutomaticRefreshInterval. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2865\n* 8.1.1 Changelog by @​kellyyangsong in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2864\n* Adjust for RefreshInterval not influencing AutomaticRefreshInterval. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2870\n\n\n**Full Changelog**: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.1.0...8.1.1\n\n## 8.1.0\n\n8.1.0\n=====\n### Performance improvements\n- Improves performance during issuer validation by replacing string comparison with span comparison. See PR [#​2826](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2826).\n\n### New features\n- Add optional check to prevent using keys that are shared across multiple clouds. See issue [#​2832](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2832) for details.\n\n### Bug fixes\n- JsonWebTokenHandler would only return unwrapped keys if there were no errors. This change is to align with the behavior in JwtSecurityTokenHandler, that is it returns the keys that were able to be unwrapped, and only throw if no keys were able to be unwrapped. See issue [#​2695](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2695) for details.\n\n### Fundamentals\n- Fix flaky tests. See [#​2793](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2793) for details.\n- Update XUnit version and fix test warnings due to new XUnit analyzers. 
See PR [#​2796](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2796) for details.\n- Onboard to code coverage in ADO. See PR [#​2798](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2798).\n- Use `IsTargetFrameworkCompatible(*)` so AOT is forward-compatible with .NET 9 and beyond. See PR [#​2790](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2790) for details.\n- Fix a merge conflict impacting dev. See PR [#​2819](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2819).\n- Defining the following attribute in multiple assemblies (.Tokens, .Logging) causes an internal error.\n[DynamicallyAccessedMembers(DynamicallyAccessedMemberTypes.PublicConstructors)]. See PR [#​2820](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2820).\n- Remove perl dependency. See PR [#​2830](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2830).\n\n### Work related to redesign of IdentityModel's token validation logic [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2711)\n- [#​2794](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2794)\n- [#​2800](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2800)\n- [#​2810](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2810)\n- [#​2811](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2811)\n- [#​2816](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2816)\n- [#​2822](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2822)\n- 
[#​2815](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2815)\n- [#​2818](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2818)\n- [#​2813](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2813)\n- [#​2827](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2827)\n\n## What's Changed\n* changelog 8.0.2 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2792\n* Update version.props to 8.0.2 by @​jennyf19 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2791\n* Fix Async Issue in Extensibility Tests by @​FuPingFranco in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2795\n* Update xUnit version and fix test warnings by @​pmaytak in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2796\n* ValidateTokenAsync - New Path: Refactor result types by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2794\n* Onboard to code coverage in ADO by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2798\n* Exception refinement: Adding additional information by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2800\n* Add initial regression tests for the new validation path by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2810\n* Use IsTargetFrameworkCompatible() by @​martincostello in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2790\n* Regression tests: Added inner exception detail and invalid signature failure due to invalid algorithm used by @​iNinja in 
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2811\n* Return unwrapped keys if able by @​keegan-caruso in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2812\n* New token validation path: Renamed result types by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2816\n* Fix merge conflict by @​msbw2 in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2819\n* Removed attribute that causes issues with internal builds. by @​brentschmaltz in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2820\n* Add missing exception type to ValidationError -\u003e GetException() by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2822\n* Regression testing: Add JWE use cases by @​iNinja in https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2815\n ... (truncated)\n\n## 8.0.2\n\n8.0.2\n=====\n\n### Security fundamentals\n- Add `BannedApiAnalyzers` to prevent use of `ClaimsIdentity` constructors. See PR [#​2778](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2778) for details.\n\n### Bug fixes\n- IdentityModel now allows the JWT payload to be an empty string. See issue [#​2656](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2656) for details.\n- Cache `UseRfcDefinitionOfEpkAndKid` switch. See PR [#​2747](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2747) for details.\n- Method was named `DoNotFailOnMissingTid` in 7x and `DontFailOnMissingTid` in 8x, adding the method for back compat. 
See issue [#​2750](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/2750) for details.\n- Metadata is now updated on a background thread. See [#​2780](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2780) for details.\n- `JsonWebKeySet` stores the original string it was created with. See PR [#​2755](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2755) for details.\n- Restore AOT compatibility. See [#​2711](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2711).\n- Fix OpenIdConnect parsing bug. See [#​2772](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2772) for details.\n- Remove the lock on creating a `SignatureProvider`. See [#​2788](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/2788) for deta.....\n\n_Description has been truncated_","html_url":"https://github.com/DFE-Digital/teaching-record-system/pull/2976","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/DFE-Digital%2Fteaching-record-system/issues/2976","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2976/packages"}},{"old_version":"4.2.0","new_version":"4.3.0","update_type":"minor","path":null,"pr_created_at":"2026-01-08T07:18:43.000Z","version_change":"4.2.0 → 4.3.0","issue":{"uuid":"3791690454","node_id":"PR_kwDOIk5VP868D2Ii","number":856,"state":"open","title":"Bump Microsoft.Identity.Web from 4.2.0 to 
4.3.0","user":"dependabot[bot]","labels":["dependencies",".NET"],"assignees":["frasermolyneux"],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-01-08T07:18:43.000Z","updated_at":"2026-01-08T07:21:23.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"Microsoft.Identity.Web","old_version":"4.2.0","new_version":"4.3.0","repository_url":"https://github.com/AzureAD/microsoft-identity-web"}],"path":null,"ecosystem":"nuget"},"body":"Updated [Microsoft.Identity.Web](https://github.com/AzureAD/microsoft-identity-web) from 4.2.0 to 4.3.0.\n\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\n_Sourced from [Microsoft.Identity.Web's releases](https://github.com/AzureAD/microsoft-identity-web/releases)._\n\n## 4.3.0\n\n### New features\n- Added token binding (mTLS PoP) scenario for confidential client (app-only) token acquisition and downstream API calls. See [#​3622](https://github.com/AzureAD/microsoft-identity-web/pull/3622).\n\n### Dependencies updates\n- Bumped **qs** from 6.14.0 to 6.14.1 in /tests/DevApps/SidecarAdapter/typescript. See [#​3660](https://github.com/AzureAD/microsoft-identity-web/pull/3660).\n\n### Documentation\n- Modernized Identity Web documentation, which can now be found in [docs](https://github.com/AzureAD/microsoft-identity-web/tree/master/docs). See [#​3566](https://github.com/AzureAD/microsoft-identity-web/pull/3566).\n- Added token binding (mTLS PoP) documentation. 
See [#​3661](https://github.com/AzureAD/microsoft-identity-web/pull/3661).\n\nCommits viewable in [compare view](https://github.com/AzureAD/microsoft-identity-web/compare/4.2.0...4.3.0).\n\u003c/details\u003e\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Microsoft.Identity.Web\u0026package-manager=nuget\u0026previous-version=4.2.0\u0026new-version=4.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/frasermolyneux/portal-servers-integration/pull/856","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/frasermolyneux%2Fportal-servers-integration/issues/856","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/856/packages"}}]}