Releases: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet
Releases · AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet
Release list
8.19.2
7.7.3
5.7.1
What's Changed
- Fix expired test tokens and remove external URL dependencies (5.x) by @iNinja in #3495
- [dev5x] Update version.props with Microsoft Identity Model settings by @pmaytak in #3500
- [dev5x] Add suppressions, missing files. by @pmaytak in #3507
- Improve serializer and JWE key unwrap handling by @iNinja in #3546
Full Changelog: 5.7.0...5.7.1
7.7.2
Bug Fixes
- Update
JwtSecurityTokenHandlerforIssuerSigningKeyResolverUsingConfigurationto take priority overIssuerSigningKeyResolver, matching the documented contract and the correct behavior already present inJsonWebTokenHandler. See PR #3519. - Improve validation of
jkuclaim. See PR #3480.
Dependency Updates
- Update System.Text.Json to 8.0.5 on all target frameworks except .NET 461. See PR #3499.
8.19.1
Bug Fixes
- Update
JwtSecurityTokenHandlerforIssuerSigningKeyResolverUsingConfigurationto take priority overIssuerSigningKeyResolver, matching the documented contract and the correct behavior already present inJsonWebTokenHandler. See PR #3519.
8.19.0
New Features
- Add ML-DSA (FIPS 204) post-quantum signature support. See PR #3479.
- Cache custom crypto providers in CryptoProviderFactory. See PR #3489.
Bug Fixes
- Disable automatic redirects on default HttpClient for JKU retrieval. See PR #3494.
- Adjust rented buffer handling in claim set parsing. See PR #3493.
- Tidy null handling in SAML conditions validation. See PR #3491.
- Improve validation of
jkuclaim. See PR #3481. - Limit telemetry algorithm dimension cardinality. See PR #3490.
- Add defensive copy of collections in ValidationParameters. See PR #3492.
- Update TokenValidationParameter copy constructor to make a deep copy. See PR #3488.
- Update to fail-closed when replay protection isn't configured and other DPoP hardening. See PR #3505.
- Apply RFC 3986 section 6.2.2 normalization to DPoP
htucomparison. See PR #3509.
8.18.0
New Features
- Introduced a new interface
IConfigurationEventHandlerContextAware<T>that provides context to the configuration event handler implementation, allowing it to optionally bypass a cache lookup. See PR #3444. - Added Microsoft.IdentityModel.Dpop — a new package implementing DPoP (Demonstrating Proof-of-Possession) per RFC 9449. Provides both client-side and server-side proof validation with no System.Net.Http dependency. See PR #3443.
8.17.0
8.16.0
8.15.0
New Features
- Add ECDsa support in
X509SecurityKeyandJsonWebKeyConverter.ConvertFromX509SecurityKey
ExtendedX509SecurityKeyandJsonWebKeyConverter.ConvertFromX509SecurityKeyto support ECDSA keys.
See PR #2377 for details.
Bug Fixes
- Sanitize logs to avoid leaking sensitive data
Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs.
See PR #3316 for details. - Optimize log sanitization with
SearchValues
Improved the performance of the log sanitization logic introduced earlier by usingSearchValues, making sanitization more efficient in high-throughput scenarios.
See PR #3341 for details. - Update test for
IDX10400
Adjusted theIDX10400test to align with the current behavior and error messaging.
See PR #3314 for details.
Fundamentals
- Add supported algorithm tests
Added new tests to validate the set of supported cryptographic algorithms, increasing confidence in algorithm coverage and compatibility.
See PR #3296 for details. - Migrate repository agent rules from
.clinerulestoagents.md
Moved repository agent/AI-assist rules into markdown documentation to make them more visible and easier to maintain.
See PR #3313 for details. - Migrate
Microsoft.IdentityModel.TestExtensionsfrom Newtonsoft.Json to System.Text.Json
UpdatedMicrosoft.IdentityModel.TestExtensionsto useSystem.Text.Jsoninstead ofNewtonsoft.Json, aligning tests with the runtime serialization stack.
See PR #3356 for details. - Disable code coverage comments
Turned off automated code coverage comments on PRs to reduce noise while retaining coverage data elsewhere.
See PR #3349 for details. - Fix CodeQL alerts
Addressed CodeQL-reported issues to improve security posture and static analysis cleanliness.
See PR #3364 for details.
.NET 10 / SDK and tooling updates
- Building with .NET 10 preview / RC 1
Updated the repository to build and test against .NET 10.0 preview/RC1, ensuring early compatibility with the upcoming runtime.
See PRs #3287, #3357, and #3358 for details. - Fix .NET 10 test execution consistency
Ensured consistent use of theTargetNetNextparameter across build, test, and pack phases so .NET 10.0 tests execute reliably.
See PR #3337 for details. - Update project files and workflows for .NET 10.0 compatibility
Adjusted project files and CI workflows to correctly target and run on .NET 10.0, including test and pack scenarios.
See PR #3363 for details. - Update .NET version to meet CG compliance
Updated the .NET version references to be compliant with corporate governance (CG) requirements.
See PR #3353 for details. - Update Coverlet collector and test SDK
- Update
runTests.ps1to specify dotnet directory
UpdatedrunTests.ps1to accept an explicit dotnet directory, improving test execution robustness in environments with multiple SDK installations.
See PR #3368 for details. - Adjust dotnetcore workflow targeting for .NET 10 SDK
Iterated on the CI workflow configuration to correctly target the .NET 10 SDK:
Documentation
- Update support policy documentation
RefreshedsupportPolicy.mdto reflect the latest support policy for IdentityModel.
See PR #3367 for details.