4.66.1

Bug Fixes

• Fixed a bug where MSAL .NET fails to correctly handle the expires_on field for Managed Identity tokens in ISO 8601 format. This fix ensures accurate parsing of ISO 8601 date-time formats during token acquisition. See Issue #4963

4.66.0

4.66.0

New Features

• Enabled extended functionality in the MSAL authentication flow through the implementation of IAuthenticationOperation. This allows for custom extensions in the authentication flow by providing an authentication operation interface. See Issue #4956
• MSAL.NET will now opt-in to regional ESTS when the environment variable MSAL_FORCE_REGION is set (e.g., MSAL_FORCE_REGION=eastus). This automatically directs MSAL to use the specified region for token acquisition. If the region is explicitly set to "DisableMsalForceRegion", MSAL will not opt-in to regional ESTS. Use of the WithAzureRegion(xyz) API takes precedence over the environment variable. See Issue #4930

4.65.2-Preview

• Refactored CDT Prototype
• Moved prototype to separate folder
• Removed dependency on MSAL internals

4.65.0

New Features

• Update telemetry to include the caller SDK details. See Issue #4863
• MSAL.Net now exposes an API to enable developers to cache additional values in the token response. See Issue #4922
• Managed identity .WithClaims() and .WithClientCapabilities() APIs are now generally available. See Issue #4921

Bug Fixes

• Fix a bug where MSAL .Net fails for DSTS authority when using .WithTenantIdFromAuthority(). See Issue #4927

4.64.1

Fix for 4913 - sendX5C for ROPC CCA (#4917)

* Fix for 4913 - sendX5C for ROPC CCA

* fix

4.64.0

4.64.0

New Features

• Added managed identity support for Azure ARC on Linux. See Issue #4358
• Added Username and password support for confidential clients. See Issue #3774

Bug Fixes

• Resolved SHA2 issues that break custom claims during authentication flows. See Issue #4868

4.63.0

New Features

• Implemented Claims API to Bypass Cache When Claims are Present in MSAL with Managed Identity. This is still an experimental API and may change in the future. See Issue #4845

Bug Fixes

• Fixed an issue where SHR POP tokens were broken due to an invalid algorithm. The algorithm has been corrected to PS256 from RS256. See Issue #4839

4.62.0

New Features

• Updated the Service Fabric managed identity flow to validate the server certificate. See Issue #4462
• Updated MSAL exception when server returns 500 to include request URI. See Issue #4412
• Removed unused telemetry headers WithClientTelemetry and last_telemetry header. See Issue #4815

Bug Fixes

• Fix for silent token acquisition failing after device code flow when broker is enabled. See Issue #4786
• Fix the computation of TotalDurationInMs for linux platform. See Issue #4784
• Added 'haschrome=1' to avoid unexpected back buttons on the first page in embedded browser. See Issue #4836

4.61.3

Bug Fixes

• Exclude the use of WSTrust for ROPC flow except for AAD authorities. See Issue #4791

4.61.2

Bug Fixes

• Fixed a regression in MSAL 4.61.1 where Proof of Possession (POP) extensibility API was made available for all the confidential client scenarios caused runtime exception for users using higher level SDKs with explicit dependency on MSAL. See 4789
• Measurement of duration in milliseconds is now consistent across all platforms. See 4784