- Add native auth instructions to error description when reset password required is returned (#2582)
- Save error received from ESTS, and return it to the client on silent broker calls (#2379)
- Support web_page_uri (#2384)
- Support extra query parameters on logout endpoint (#2339)
- Add support functions to help broker improve cross cloud experience (#2361)
- Parse and add STS error codes in token error result (#2319)
- VisionOS support added (#2139)
- Increased macOS minimum version to 10.15 (#2220)
- Added Native Auth feature for macOS to interact with the Microsoft Entra ID services (#2220)
- Fix invalid cert auth request handling (hotfix). (#2278)
- Update Native Auth logging levels for improved clarity and consistency. (#2184)
- Update common core submodule with changes related to upgrade registration. (#2180)
- Add a new flag MSALThrottlingCacheHitKey for error returned from client's throttling. (#2257)
- Update common core submodule with device register action with token protection hint. (#2244)
- Native Auth logs are appropriately masked to ensure sensitive information is protected. (#2253)
- Add platform sequence param. #2192
- Native auth can now store multiple access tokens related to different resources.
- Update common core submodule.
- Automation improvements.
- Add forceRefresh param to ignore AT in cache and request a new AT.
- Preferred auth method added to device information, returned from broker
- Added Native Auth feature to interact with the Microsoft Entra ID services
- Fix pkey auth after server side removal of registration to use isDeviceRegistered flag from ssoContext.
- Fix pkey auth after server side removal of registration
- Add privacy manifest (#1984)
- Add additional error codes for PSSO KeyId mismatch (#1946)
- Updated common core submodule with changes for platform sso and mapping broker version in token result
- Introduce a way to inject external WKWebviewConfiguration for MSIDWebviewUIController - needed for MSAL C++ (#1308)
- Fix duplicate values for error JIT codes (#1893)
- Added ccs request id header (#1844)
- Report WPJ v2 telemetry capability. (common core #1297)
- Add separate error code for OneAuth telemetry purpose (common core #1292)
- Logging improvements (common core #1290)
- Rename some internal macro (common core #1300)
- Expose APIs for manually setting time_Interval for request and session resource (#1288)
- Moving master branch history to main (#1787)
- Added method name with line number for errors in telemetry (#1795)
- Remove references to deprecated APIs. (#1779)
- Support reading device info when ECC is on. (#1714)
- Add troubleshooting flow when doing Just in Time registration (#1646)
- Updated extraDeviceInfo to include platform sso status on macOS
- Created CIAM authority for MSAL (#1682)
- Add support for PKeyAuthPlus and ECC-based JWT signature generation. Common Core PR: (#1044)
- Performed testing for CIAM behaviors in MSAL (#1668)
- Add more detailed error codes for JIT (#1639)
- Add support for nested auth protocol (#1631)
- Fix a crash when identity is nil during getting device registration information on iOS (#1184)
- Fix logger statement (#1630)
- Address GitHub issue 1141, where getting the current account crashes when using await in Swift (#1634)
- Update minimum OS version to iOS14 and macOS 10.13
- Expose additional device information by tenantId
- Expose extra deviceInfo
- Ignore sign in status on account removal from ODSP cache #1541
- Stop extra background tasks in the system webview case.
- Minor fixes.
- Minor fixes & CI changes.
- Fixed zipping in release pipeline to preserve symlinks in xcframework
- Multi-tenant PkeyAuth support in MSAL (#1438)
- Add support to wipe cache for all accounts (#1426)
- Added more string utils in common core (#1417)
- Fixed links in iframe to open in themselves instead of browser for embedded web views (#1424)
- Added public API to pass EQP to the /token endpoint (#1406)
- Return device join status regardless of SSO extension error (#1403)
- Use base64URLEncoding for RSA modules (#1399)
- Add helper for cross cloud B2B support in broker (#1370)
- Add support of "create" prompt (#1384)
- Fixed bug where background task was prematurely ended. (#1388)
- Added more logging within common core throttling logic
- Updated release pipeline to publish public docs as last step (#1366)
- Update release pipeline to publish public docs (#1359)
- Migrated PR validation pipeline from Travis to Azure DevOps. (#1333)
- Changed some of the logging levels from info to verbose per customer request
- Minimum Xcode version bumped to 12.2
- Add CCS hint header (#1300)
- Update 'ts' field in AT Pop payload from string to number (#1310)
- Added telemetry for different token refresh timing
- Support empty or nil access token in MSAL token response (#1256)
- Implement throttling.
- Mask EUII in logs (#1206)
- Fixes to ADO release pipeline. (#1236)
- Fixed required attributes in SHR of AT Pop. (#1267)
- Removed identity core classes from public api (#1158).
- Fixed possible deadlock caused by thread explosion (#1175)
- Added pipeline configuration to generate framework for SPM & automate MSAL release (#1194)
- Extend iOS background tasks to silent and interactive requests
- Change order of FRT/MRRT lookup for silent token refreshes
- Added a nil check before assigning the error when developers try to get an account by username from MSALPublicClientApplication; this helps prevent a crash when nil is passed in as the error pointer from the API
- Added cross-cloud B2B support.
- Fixed logic to handle links that open in new tab for embedded webview.
- AccountForUsername from MSALPublicClientApplication returns nil when the username is nil or empty; an error is provided if a valid error pointer is passed in via this API
- Updated user guide to provide sample Swift & ObjC code for querying a specific account and returning a token silently when multiple accounts are present in the cache.
- Added client-side fix for the known ADFS PKeyAuth issue. (#1150)
- Enabled PKeyAuth via UserAgent String on macOS
- Added a public API for both iOS and macOS that returns the default recommended WKWebview configuration settings. This API can be found in MSALWebviewParameters.h, along with an example of usage.
- Updated MSAL iOS/MacOS test apps to use aforementioned API to generate a default WKWebview object with recommended default settings for the PassedIn mode.
- Add public interface for asymmetric key/factory for cpp djinni interface
- Update RSA signing code and add conditional check for supported iOS/osx platforms.
- Update repo pipelines running on Xcode 12
- Return private key attributes on key pair generation.
- Bring in latest from dev branch for iOS 14 build
- Fixed account filtering logic by accountId or username where accounts are queried from multiple sources.
- Fixed isSSOAccount flag on the MSALAccount when MSAL reads accounts from multiple sources.
- Ignore duplicate certificate authentication challenge in system webview.
- Make webview parameters optional in MSALSignoutParameters #1086
- Support wiping external account #1085
- Normalize account ID for cache lookups (#1084)
- Add documentation for Proof-of-Possession for Access tokens.
- Support forgetting cached account (#1077)
- Add SSO Seeding call in MSAL Test MacApp
- Fix custom webview bug in MSAL Test MacApp
- Update MSIDBaseBrokerOperationRequest in common-core
- Fix grammar in comments.
- Support bypassing redirect uri validation on macOS (#1076)
- Indicate whether SSO extension account is available for device wide SSO (#1065)
- Add swift static lib target to common core to support AES GCM.
- Enabled Xcode 11.4 recommended settings by default per customer request.
- Append 'PkeyAuth/1.0' keyword to the User Agent String to reliably advertise PkeyAuth capability to ADFS.
- Add a flag to disable logger queue.
- Disabling check for validating result Account.
- Fix unused parameter errors and add macOS specific test mocks.
- Move openBroswerResponse code into its operation (#1020)
- Include redirect uri in body when redeeming refresh token at token endpoint (#1020)
- Expose MSAL SDK Version in public client (#1051)
- Cleanup noisy SSO extension logs (#1047)
- Mark RSA public key as extractable (#1049)
- Cleanup main product targets from test files (#1046)
- Replaced launch image by launch controller and update test app icon with correct size (#1048)
- Modify MSALRedirectUri and MSALRedirectUriVerifier to use existing methods from common core (#1045)
- Save PRT expiry interval in cache to calculate PRT refresh interval more reliably (#1019)
- Update new variable in configuration to allow users to bypass the URI check (#1013)
- Refactor crypto code for cpp integration and add api to generate ephemeral asymmetric key pair (#1018)
- Update MSAL test app for SSO Seeding flow (#1021)
- Update logger from Identity Core. (#1009)
- Enabled the following Xcode 11.4 recommended settings by default per customer request:
  - CLANG_ANALYZER_LOCALIZABILITY_NONLOCALIZED = YES
  - CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES
  - CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES
  - Renamed private properties within "MSIDLastRequestTelemetry.m" to address nested dispatch call issues that arise when enabling the implicit retain self setting above.
- Updated supported platforms in readme
- New variable in configuration to allow user bypass redirect URI check (#1013)
- New API to check if compatible AAD broker is available (#1011)
- Support proof of possession for access tokens (#926)
- Clean up account metadata on account removal (#999)
- Silent token lookup for guest accounts with different UPNs (#986)
- Switch to PkeyAuth on macOS (common library #734)
- Support returning additional WPJ info (#931)
- Fixed PkeyAuth when ADFS challenge is URL encoded (common library #750)
- Fixed CBA handling in MSAL (common library #751)
- Fixed failing unit tests on 10.15 (#760)
- Include correlationID in error response (#908)
- Fix handling of certificate based authentication challenge.
- Support client side telemetry in ESTS requests (#930)
- Add logging for enrollment id mismatch for access tokens (#932)
- Protect legacy macOS cache when MSAL writes into ADAL cache (common core #729)
- Fix NTLM crash when window is not key (common core #724)
- Fixed authority validation for developer known authorities (#913)
- Pass prompt=login for signed out accounts (#919)
- Don't require URL scheme registration in Info.plist for app extensions (#914)
- Support SSO in Safari in AAD SSO extension
- Additional automation tests for AAD national cloud scenarios
- Convert access denied error to cancelled on MSAL side (#894)
- Resolved conflict between initWithParentController API on App Store upload (#893)
- Fixed macOS cache on 10.15 when App Identifier Prefix is different from TeamId
- Remove SHA-1 dependency from production library
- Fixed SSO extension + MSIT MFA
- Fixed SSO extension swipe down cancellation case
- Handle HTTP headers coming from iOS broker when they are either an NSDictionary or an NSString
- Updated readme to include information about Microsoft Enterprise SSO plug-in for Apple devices and shared device scenarios (#881)
- iOS 13 SSO Extension support
- Support ASWebAuthenticationSession on macOS 10.15
- Track account sign-in and sign-out state
- Support signOut from device if device is configured as shared through MDM
- Keyed unarchiver deserialization fix for iOS 11.2
- [Broker patch] Fixed account lookups and validation with the same email (#827)
- Set mobile content type for the WKWebView configuration (#810)
- Better error handling for missing broker query schemes (#811)
- Enable dogfood Authenticator support by default (#812)
- Optimize external account writing logic (#813)
- Account lookup fix when no refresh tokens present (#799)
- Fixed external account matching when identifier is not present (#787)
- Added default implementation for ADAL legacy persistence
- Fixed error logging when MSAL was logging false positives
- Make trustedApps in MSALCacheConfig writable to allow apps sharing keychain on macOS
- Always write to the data protection keychain on macOS 10.15
- Support for apps that are present in multiple clouds
- Better logging when error is created
- Block swipe to dismiss for auth controller
- Remove arm64e architecture
- Pass custom keychain group for broker requests
- [Broker patch] Keyed unarchiver deserialization fix for iOS 11.2
- [Broker patch] Fixed account lookups and validation with the same email (#827)
- Return type of the account claims
- MSAL version number and availability. MSAL for iOS and macOS is now generally available.
- Improved Readme.md
- Added library reference
- Improved threading behavior around main thread checks
- Update ACL authorization tag to kSecACLAuthorizationDecrypt for adding trusted applications to keychain items on OSX.
- iOS 13 support for ASWebAuthenticationSession
- Support keychain access groups on macOS 10.15
- Enable iOS 13 compatible broker
- Implement ACL control for macOS keychain
- Added initial macOS support
- Better resolution of authorities for silent token acquisition
- Added backward compatibility for legacy account storages
- Added backward compatibility for ADAL macOS cache
- Updated to newer v2 broker protocol version
- Applying 0.3.1 hotfix changes to latest 0.4.x release
- Removed linked frameworks from static library targets
- Updated MSAL Public API surface to be more extensible and intuitive
- Added support for custom B2C domains
- Improved MSAL error handling
- Improve logging for token removal scenarios
- Use ASCII for PKCE code challenge
- Don't return Access token if ID token/Account are missing
- Ignore cached fields in JSON if they contain "null"
- Updated to newer v2 broker protocol version
- Better error handling in CBA cancellation flows
- Don't read corrupted refresh tokens from cache
- Added broker support to MSAL iOS SDK
- Fix issue when authorization code cannot be read due to a dummy fragment in response URL for B2C (#456)
- Fix warnings in the keychain component
- Fix clang analyzer issues.
- WKWebView drops network connection if device got locked on iOS 12. It is by design and not configurable.
- Improved schema compatibility with other MSAL/ADAL SDKs
- Optimize silent requests
- Support for different authority aliases
- Support for sovereign clouds
- Support for claims challenge
- Better resiliency in case of server outages
- Cache coexistence with older ADAL versions
- Support for SFAuthenticationSession
- Support for WKWebView
- CocoaPods podspec
- GDPR compliance mechanism for MSAL logs and telemetry through PII enabled/disabled flags
- Sample app in Swift
- Nullability identifiers in some classes
- MSAL for ObjC no longer targets test slice by default (#195)
- Initial BUILD Preview Release of MSAL for ObjC!
- The initial MSAL for ObjC preview only supports iOS 9 and later. macOS support will come later.
- Support for native client token acquisition using MSALPublicClientApplication
- Interactive auth support using SFSafariViewController
- iOS Keychain token caching
- Logging via registered callback in MSALLogger
- Telemetry events via registered callback in MSALTelemetry