Skip to content

Releases: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet

8.19.2

Choose a tag to compare

@iNinja iNinja released this 14 Jul 17:20
ee19952

What's Changed

  • Improve serializer and JWE key unwrap handling by @iNinja in #3544

Full Changelog: 8.19.1...8.19.2

7.7.3

Choose a tag to compare

@iNinja iNinja released this 14 Jul 17:19
ff96e25

What's Changed

  • Improve serializer and JWE key unwrap handling by @iNinja in #3545

Full Changelog: 7.7.2...7.7.3

5.7.1

Choose a tag to compare

@iNinja iNinja released this 14 Jul 17:18
71d2b27

What's Changed

  • Fix expired test tokens and remove external URL dependencies (5.x) by @iNinja in #3495
  • [dev5x] Update version.props with Microsoft Identity Model settings by @pmaytak in #3500
  • [dev5x] Add suppressions, missing files. by @pmaytak in #3507
  • Improve serializer and JWE key unwrap handling by @iNinja in #3546

Full Changelog: 5.7.0...5.7.1

7.7.2

Choose a tag to compare

@pmaytak pmaytak released this 03 Jun 07:04
d399a12

Bug Fixes

  • Update JwtSecurityTokenHandler for IssuerSigningKeyResolverUsingConfiguration to take priority over IssuerSigningKeyResolver, matching the documented contract and the correct behavior already present in JsonWebTokenHandler. See PR #3519.
  • Improve validation of jku claim. See PR #3480.

Dependency Updates

  • Update System.Text.Json to 8.0.5 on all target frameworks except .NET 461. See PR #3499.

8.19.1

Choose a tag to compare

@pmaytak pmaytak released this 03 Jun 03:37
3dba199

Bug Fixes

  • Update JwtSecurityTokenHandler for IssuerSigningKeyResolverUsingConfiguration to take priority over IssuerSigningKeyResolver, matching the documented contract and the correct behavior already present in JsonWebTokenHandler. See PR #3519.

8.19.0

Choose a tag to compare

@pmaytak pmaytak released this 02 Jun 03:37
63d9d67

New Features

  • Add ML-DSA (FIPS 204) post-quantum signature support. See PR #3479.
  • Cache custom crypto providers in CryptoProviderFactory. See PR #3489.

Bug Fixes

  • Disable automatic redirects on default HttpClient for JKU retrieval. See PR #3494.
  • Adjust rented buffer handling in claim set parsing. See PR #3493.
  • Tidy null handling in SAML conditions validation. See PR #3491.
  • Improve validation of jku claim. See PR #3481.
  • Limit telemetry algorithm dimension cardinality. See PR #3490.
  • Add defensive copy of collections in ValidationParameters. See PR #3492.
  • Update TokenValidationParameter copy constructor to make a deep copy. See PR #3488.
  • Update to fail-closed when replay protection isn't configured and other DPoP hardening. See PR #3505.
  • Apply RFC 3986 section 6.2.2 normalization to DPoP htu comparison. See PR #3509.

8.18.0

Choose a tag to compare

@pmaytak pmaytak released this 05 May 21:27
dda09aa

New Features

  • Introduced a new interface IConfigurationEventHandlerContextAware<T> that provides context to the configuration event handler implementation, allowing it to optionally bypass a cache lookup. See PR #3444.
  • Added Microsoft.IdentityModel.Dpop — a new package implementing DPoP (Demonstrating Proof-of-Possession) per RFC 9449. Provides both client-side and server-side proof validation with no System.Net.Http dependency. See PR #3443.

8.17.0

Choose a tag to compare

@mdchennu mdchennu released this 24 Mar 20:31
7b061d4

Dependencies

  • Downgrade MicrosoftExtensionsLoggingAbstractionsVersion to 8.0.0 on .NET 10. See PR #3435.

8.16.0

Choose a tag to compare

@pmaytak pmaytak released this 13 Feb 21:45
f817240

New Features

  • Add telemetry around signature validation. See PR #3415 for details.

Fundamentals

  • Fix FileVersion format to use two-digit year and day of year. See PR #3389 for details.

8.15.0

Choose a tag to compare

@pmaytak pmaytak released this 19 Nov 21:12
c33522e

New Features

  • Add ECDsa support in X509SecurityKey and JsonWebKeyConverter.ConvertFromX509SecurityKey
    Extended X509SecurityKey and JsonWebKeyConverter.ConvertFromX509SecurityKey to support ECDSA keys.
    See PR #2377 for details.

Bug Fixes

  • Sanitize logs to avoid leaking sensitive data
    Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs.
    See PR #3316 for details.
  • Optimize log sanitization with SearchValues
    Improved the performance of the log sanitization logic introduced earlier by using SearchValues, making sanitization more efficient in high-throughput scenarios.
    See PR #3341 for details.
  • Update test for IDX10400
    Adjusted the IDX10400 test to align with the current behavior and error messaging.
    See PR #3314 for details.

Fundamentals

  • Add supported algorithm tests
    Added new tests to validate the set of supported cryptographic algorithms, increasing confidence in algorithm coverage and compatibility.
    See PR #3296 for details.
  • Migrate repository agent rules from .clinerules to agents.md
    Moved repository agent/AI-assist rules into markdown documentation to make them more visible and easier to maintain.
    See PR #3313 for details.
  • Migrate Microsoft.IdentityModel.TestExtensions from Newtonsoft.Json to System.Text.Json
    Updated Microsoft.IdentityModel.TestExtensions to use System.Text.Json instead of Newtonsoft.Json, aligning tests with the runtime serialization stack.
    See PR #3356 for details.
  • Disable code coverage comments
    Turned off automated code coverage comments on PRs to reduce noise while retaining coverage data elsewhere.
    See PR #3349 for details.
  • Fix CodeQL alerts
    Addressed CodeQL-reported issues to improve security posture and static analysis cleanliness.
    See PR #3364 for details.

.NET 10 / SDK and tooling updates

  • Building with .NET 10 preview / RC 1
    Updated the repository to build and test against .NET 10.0 preview/RC1, ensuring early compatibility with the upcoming runtime.
    See PRs #3287, #3357, and #3358 for details.
  • Fix .NET 10 test execution consistency
    Ensured consistent use of the TargetNetNext parameter across build, test, and pack phases so .NET 10.0 tests execute reliably.
    See PR #3337 for details.
  • Update project files and workflows for .NET 10.0 compatibility
    Adjusted project files and CI workflows to correctly target and run on .NET 10.0, including test and pack scenarios.
    See PR #3363 for details.
  • Update .NET version to meet CG compliance
    Updated the .NET version references to be compliant with corporate governance (CG) requirements.
    See PR #3353 for details.
  • Update Coverlet collector and test SDK
    • Bumped CoverletCollectorVersion to 6.0.4.
      See PR #3333 for details.
    • Upgraded Microsoft.NET.Test.Sdk to a newer version for improved test reliability and tooling support.
      See PR #3336 for details.
  • Update runTests.ps1 to specify dotnet directory
    Updated runTests.ps1 to accept an explicit dotnet directory, improving test execution robustness in environments with multiple SDK installations.
    See PR #3368 for details.
  • Adjust dotnetcore workflow targeting for .NET 10 SDK
    Iterated on the CI workflow configuration to correctly target the .NET 10 SDK:
    • Temporarily removed targeting of the .NET 10 SDK in dotnetcore.yml.
      See PR #3335.
    • Reverted that change to restore .NET 10 SDK targeting.
      See PR #3339 for details.

Documentation

  • Update support policy documentation
    Refreshed supportPolicy.md to reflect the latest support policy for IdentityModel.
    See PR #3367 for details.