10.0.0

10.0.0

Breaking changes

Rename IAuthorizationHeaderProvider2 to BoundAuthorizationHeaderProvider. This interface extends IAuthorizationHeaderProvider to create authorization headers with a token which is optionally bound to a certificate (for mTLS Pop). For details, see PR #232

In practice, it's unlikely that this breaking change affects anybody as the renamed interface was new in 9.6.0, and not yet used to the team's knowledge.

9.6.0

New features

• Added new authorization header provider interface IAuthorizationHeaderProvider2 supporting token return with binding certificate, expanding certificate-based authentication scenarios. For details, see PR #223 and PR #228.
• In the ID property of CredentialDescription, renamed ClientSecret to RedactedClientSecret to be more precise about what this is. For details, see PR #224.
• Added "Thumbprint" to the ID property in CredentialDescription, enhancing traceability for credentials. For details, see PR #212.

Improvements and fundamentals

• Updated support to .NET 10 GA, ensuring compatibility and access to latest platform features. For details, see PR #226.
• Upgraded GitHub Actions workflows to v5 for both checkout and setup-dotnet, improving CI reliability and consistency. For details, see PR #222.
• Synchronized README.md diagrams with the current public API surface to keep documentation up to date. See PR #220.
• Fixed tests affected by recent internal changes. See PR #221.

9.5.0

9.5.0

New features

• Expand Authorization header to support binding certificate for mTLS scenarios. For Details see #209

Fundamentals

• Migrate repository agent rules from .clinerules to agents.md. For details, see #206

9.4.0

New features

• Add AdditionalResponseParameters and BindingCertificate to AcquireTokenResult. For details see PR 203
• Add conditional targeting for NET 10. See PR 202
• Add enum value for managed certificate in SourceType. For details, see PR 204

New Contributors

• @tlupes made their first contribution in #204

9.3.0

9.3.0

New features

Added a new interface IAuthenticationSchemeInformationProvider to get the effective authentication scheme corresponding to an option name, depending on the platform. For details, see PR #200

9.2.0: changelog.md with recent changes since May 17th (#197)

9.2.0

New features

• OperationResult and OperationError abstractions:
  Introduced a new OperationResult<TResult, TError> struct and OperationError base class. These provide a discriminated union for representing either a result or an error, improving error handling and propagation.
  See implementation in src/Microsoft.Identity.Abstractions/Results/OperationResult.cs and OperationError.cs.

• DownstreamApiOptions extensibility:
  Added two new properties to DownstreamApiOptions:

  • ExtraHeaderParameters (IDictionary<string, string>?): Set extra headers in HTTP requests to downstream APIs.
  • ExtraQueryParameters (IDictionary<string, string>?): Set extra query parameters in HTTP requests to downstream APIs.
    This enables more flexible API calls and improved integration scenarios.

Fundamentals

• Development guidelines and Copilot integration:

  • Introduced .clinerules/abstractions-guidelines.md, .clinerules/csharp-guidelines.md, .clinerules/ai-guidelines.md, and .github/copilot-instructions.md to formalize and document development, AI assistant, and C# code standards for contributors and tooling.
  • Solution file and README updated to reference these guidelines.

• Analyzer and dependency updates:

  • Bumped analyzer versions in Directory.Build.props for better static analysis (BannedApiAnalyzers and MicrosoftCodeAnalysisPublicApiAnalyzers updated from 3.3.4 to 4.14.0).

9.1.0: Update Directory.Build.props (#188)

9.1.0

New features

• Add a new generic IAuthorizationHeaderProvider to have the possiblity of returning authorization header and metadata or error instead of throwing. For details see #172
• Add Algorithm property to CredentialDescription to describe signing credentials. For details see #182
• Adding serializer for CredentialDescription in .NET 8+. See #176

Fundamentals

• Add dev container to work in Code Spaces. See PR #175
• Adding a doc about CredentialDescription. See PR #181
• Fixing AoT warnings: part 1 - non breaking. See PR #187
• update Readme.md to explain the support policy for the library and the notion of LTS. See PRs 171, 183, , 185

9.0.0

9.0.0

New features

• Added a new class named MicrosoftEntraApplicationOptions inheriting from IdentityApplicationOptions and from which MicrosoftIdentityApplicationOptions inherits. Moved the EntraID specific properties related to web APIs from MicrosoftIdentityApplicationOptions to MicrosoftEntraApplicationOptions. MicrosoftIdentityApplicationOptions now only contains the
  properties related to web apps and B2C. See #165 for details.
• Added a Name property in MicrosoftEntraApplicationOptions to allow for dynamic discovery of ASP.NET Core authentication schemes / named options. See #168 for details.
• Changed the way the ID property is computed in ClientCredentials. All sensitive data is also now replaced by a hash. See #163 for details.
• Added XML comments with recommendations on which CredentialSource not to use in production. See #167 for details.

8.2.0

8.2.0

New feature:

• To support Federated Managed Identities a new parameter FmiPath was added to AcquireTokenOptions. See #161 for details.

8.1.1

8.1.1

**