AzureAD · jmprieur · Oct 10, 2025 · Sep 26, 2025 · Sep 26, 2025 · Sep 26, 2025
@@ -2,12 +2,12 @@
   <PropertyGroup>
     <!--This should be passed from the VSTS build-->
     <!-- This needs to be greater than or equal to the validation baseline version -->
-    <MicrosoftIdentityWebVersion Condition="'$(MicrosoftIdentityWebVersion)' == ''">3.14.1</MicrosoftIdentityWebVersion>
+    <MicrosoftIdentityWebVersion Condition="'$(MicrosoftIdentityWebVersion)' == ''">4.0.0</MicrosoftIdentityWebVersion>
     <!--This will generate AssemblyVersion, AssemblyFileVersion and AssemblyInformationVersion-->
     <Version>$(MicrosoftIdentityWebVersion)</Version>
 
     <EnablePackageValidation>true</EnablePackageValidation>
-    <PackageValidationBaselineVersion>2.7.0</PackageValidationBaselineVersion>
+    <PackageValidationBaselineVersion>3.14.1</PackageValidationBaselineVersion>
 
     <AssemblyOriginatorKeyFile>$(MSBuildThisFileDirectory)\build\35MSSharedLib1024.snk</AssemblyOriginatorKeyFile>
     <RepositoryType>git</RepositoryType>
@@ -82,8 +82,8 @@
 
   <PropertyGroup Label="Common dependency versions">
     <MicrosoftIdentityModelVersion Condition="'$(MicrosoftIdentityModelVersion)' == ''">8.14.0</MicrosoftIdentityModelVersion>
-    <MicrosoftIdentityClientVersion Condition="'$(MicrosoftIdentityClientVersion)' == ''">4.77.0</MicrosoftIdentityClientVersion>
-    <MicrosoftIdentityAbstractionsVersion Condition="'$(MicrosoftIdentityAbstractionsVersion)' == ''">9.4.0</MicrosoftIdentityAbstractionsVersion>
+    <MicrosoftIdentityClientVersion Condition="'$(MicrosoftIdentityClientVersion)' == ''">4.77.1</MicrosoftIdentityClientVersion>
+    <MicrosoftIdentityAbstractionsVersion Condition="'$(MicrosoftIdentityAbstractionsVersion)' == ''">9.5.0</MicrosoftIdentityAbstractionsVersion>
     <FxCopAnalyzersVersion>3.3.0</FxCopAnalyzersVersion>
     <SystemTextEncodingsWebVersion>4.7.2</SystemTextEncodingsWebVersion>
     <AzureSecurityKeyVaultSecretsVersion>4.6.0</AzureSecurityKeyVaultSecretsVersion>

@@ -1,3 +1,22 @@
+4.0.0
+=========
+### Breaking Changes
+**Removed support for .NET 6.0 and .NET 7.0** - Microsoft Identity Web 4.0.0 no longer targets .NET 6.0 and .NET 7.0, following Microsoft's support lifecycle. The supported target frameworks are now .NET 8.0, .NET 9.0, .NET Framework 4.6.2, .NET Framework 4.7.2, and .NET Standard 2.0.
+
+### New features
+- Various improvements to performance logging, authentication, and credential loading capabilities.
+- Bumped MSAL.NET to 4.77.1
+- Added credential description extensibility. For details, see [#3487](https://github.com/AzureAD/microsoft-identity-web/pull/3487)
+- Added a new CerticateObserverAction type: SuccessfullyUsed. See [#3505](https://github.com/AzureAD/microsoft-identity-web/pull/3505)
+- Add specification of OID (in addition to upn) for Agent User Identity. See [#3513](https://github.com/AzureAD/microsoft-identity-web/pull/3513)
+
+### Fundamentals
+- Various improvements to .NET support and dependency optimizations.
+- Added doc for Agent identities. See [Agent identities](src/Microsoft.Identity.Web.AgentIdentities/README.AgentIdentities.md)
+- Combined and fixed test collections. See [#3472](https://github.com/AzureAD/microsoft-identity-web/pull/3472)
+- Migrate repository agent rules from .clinerules to agents.md. See [#3475](https://github.com/AzureAD/microsoft-identity-web/pull/3475)
+- Add .NET 6.x setup step to dotnetcore.yml workflow, as the default build agents don't have it any longer. See [#3489](https://github.com/AzureAD/microsoft-identity-web/pull/3489)
+
 3.14.1
 =======
 ##  Bug fix

@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- https://learn.microsoft.com/dotnet/fundamentals/package-validation/diagnostic-ids -->
+<Suppressions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
+  <Suppression>
+    <DiagnosticId>CP0008</DiagnosticId>
+    <Target>T:Microsoft.Identity.Web.CertificateSource</Target>
+    <Left>lib/net6.0/Microsoft.Identity.Web.Certificate.dll</Left>
+    <Right>lib/netstandard2.0/Microsoft.Identity.Web.Certificate.dll</Right>
+    <IsBaselineSuppression>true</IsBaselineSuppression>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0008</DiagnosticId>
+    <Target>T:Microsoft.Identity.Web.CertificateSource</Target>
+    <Left>lib/net7.0/Microsoft.Identity.Web.Certificate.dll</Left>
+    <Right>lib/netstandard2.0/Microsoft.Identity.Web.Certificate.dll</Right>
+    <IsBaselineSuppression>true</IsBaselineSuppression>
+  </Suppression>
+</Suppressions>
@@ -47,7 +47,7 @@ public static void AddAuthorizationHeaderRequestEndpoints(this WebApplication ap
                 "Repeat parameters like 'optionsOverride.Scopes' to add multiple scopes.");
     }
 
-    private static async Task<Results<Ok<AuthorizationHeaderResult>, ProblemHttpResult>> AuthorizationHeaderAsync(
+    private static async Task<Results<Ok<Models.AuthorizationHeaderResult>, ProblemHttpResult>> AuthorizationHeaderAsync(
         HttpContext httpContext,
         [Description("The downstream API to acquire an authorization header for.")]
         [FromRoute]
@@ -114,6 +114,6 @@ private static async Task<Results<Ok<AuthorizationHeaderResult>, ProblemHttpResu
                 statusCode: StatusCodes.Status500InternalServerError);
         }
 
-        return TypedResults.Ok(new AuthorizationHeaderResult(authorizationHeader));
+        return TypedResults.Ok(new Models.AuthorizationHeaderResult(authorizationHeader));
     }
 }
@@ -1,40 +1,46 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!-- https://learn.microsoft.com/dotnet/fundamentals/package-validation/diagnostic-ids -->
-<Suppressions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
-  <Suppression>
-    <DiagnosticId>CP0001</DiagnosticId>
-    <Target>T:Microsoft.Identity.Web.OpenIdConnectOptions</Target>
-    <Left>lib/netstandard2.0/Microsoft.Identity.Web.TokenAcquisition.dll</Left>
-    <Right>lib/net8.0/Microsoft.Identity.Web.TokenAcquisition.dll</Right>
-  </Suppression>
-  <Suppression>
-    <DiagnosticId>CP0002</DiagnosticId>
-    <Target>M:Microsoft.Identity.Web.MicrosoftIdentityOptions.get_ErrorPath</Target>
-    <Left>lib/netstandard2.0/Microsoft.Identity.Web.TokenAcquisition.dll</Left>
-    <Right>lib/net8.0/Microsoft.Identity.Web.TokenAcquisition.dll</Right>
-  </Suppression>
-  <Suppression>
-    <DiagnosticId>CP0002</DiagnosticId>
-    <Target>M:Microsoft.Identity.Web.MicrosoftIdentityOptions.get_ResetPasswordPath</Target>
-    <Left>lib/netstandard2.0/Microsoft.Identity.Web.TokenAcquisition.dll</Left>
-    <Right>lib/net8.0/Microsoft.Identity.Web.TokenAcquisition.dll</Right>
-  </Suppression>
-  <Suppression>
-    <DiagnosticId>CP0006</DiagnosticId>
-    <Target>M:Microsoft.Identity.Web.ITokenAcquisition.ReplyForbiddenWithWwwAuthenticateHeader(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.MsalUiRequiredException,System.String,Microsoft.AspNetCore.Http.HttpResponse)</Target>
-    <Left>lib/netstandard2.0/Microsoft.Identity.Web.TokenAcquisition.dll</Left>
-    <Right>lib/net8.0/Microsoft.Identity.Web.TokenAcquisition.dll</Right>
-  </Suppression>
-  <Suppression>
-    <DiagnosticId>CP0006</DiagnosticId>
-    <Target>M:Microsoft.Identity.Web.ITokenAcquisition.ReplyForbiddenWithWwwAuthenticateHeaderAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.MsalUiRequiredException,Microsoft.AspNetCore.Http.HttpResponse)</Target>
-    <Left>lib/netstandard2.0/Microsoft.Identity.Web.TokenAcquisition.dll</Left>
-    <Right>lib/net8.0/Microsoft.Identity.Web.TokenAcquisition.dll</Right>
-  </Suppression>
-  <Suppression>
-    <DiagnosticId>CP0007</DiagnosticId>
-    <Target>T:Microsoft.Identity.Web.MicrosoftIdentityOptions</Target>
-    <Left>lib/netstandard2.0/Microsoft.Identity.Web.TokenAcquisition.dll</Left>
-    <Right>lib/net8.0/Microsoft.Identity.Web.TokenAcquisition.dll</Right>
-  </Suppression>
+<?xml version="1.0" encoding="utf-8"?>
+<!-- https://learn.microsoft.com/dotnet/fundamentals/package-validation/diagnostic-ids -->
+<Suppressions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
+  <Suppression>
+    <DiagnosticId>CP0001</DiagnosticId>
+    <Target>T:Microsoft.Identity.Web.OpenIdConnectOptions</Target>
+    <Left>lib/netstandard2.0/Microsoft.Identity.Web.TokenAcquisition.dll</Left>
+    <Right>lib/net8.0/Microsoft.Identity.Web.TokenAcquisition.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0002</DiagnosticId>
+    <Target>M:Microsoft.Identity.Web.MicrosoftIdentityAuthenticationException.#ctor(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext)</Target>
+    <Left>lib/netstandard2.0/Microsoft.Identity.Web.TokenAcquisition.dll</Left>
+    <Right>lib/net8.0/Microsoft.Identity.Web.TokenAcquisition.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0002</DiagnosticId>
+    <Target>M:Microsoft.Identity.Web.MicrosoftIdentityOptions.get_ErrorPath</Target>
+    <Left>lib/netstandard2.0/Microsoft.Identity.Web.TokenAcquisition.dll</Left>
+    <Right>lib/net8.0/Microsoft.Identity.Web.TokenAcquisition.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0002</DiagnosticId>
+    <Target>M:Microsoft.Identity.Web.MicrosoftIdentityOptions.get_ResetPasswordPath</Target>
+    <Left>lib/netstandard2.0/Microsoft.Identity.Web.TokenAcquisition.dll</Left>
+    <Right>lib/net8.0/Microsoft.Identity.Web.TokenAcquisition.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0006</DiagnosticId>
+    <Target>M:Microsoft.Identity.Web.ITokenAcquisition.ReplyForbiddenWithWwwAuthenticateHeader(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.MsalUiRequiredException,System.String,Microsoft.AspNetCore.Http.HttpResponse)</Target>
+    <Left>lib/netstandard2.0/Microsoft.Identity.Web.TokenAcquisition.dll</Left>
+    <Right>lib/net8.0/Microsoft.Identity.Web.TokenAcquisition.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0006</DiagnosticId>
+    <Target>M:Microsoft.Identity.Web.ITokenAcquisition.ReplyForbiddenWithWwwAuthenticateHeaderAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.MsalUiRequiredException,Microsoft.AspNetCore.Http.HttpResponse)</Target>
+    <Left>lib/netstandard2.0/Microsoft.Identity.Web.TokenAcquisition.dll</Left>
+    <Right>lib/net8.0/Microsoft.Identity.Web.TokenAcquisition.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0007</DiagnosticId>
+    <Target>T:Microsoft.Identity.Web.MicrosoftIdentityOptions</Target>
+    <Left>lib/netstandard2.0/Microsoft.Identity.Web.TokenAcquisition.dll</Left>
+    <Right>lib/net8.0/Microsoft.Identity.Web.TokenAcquisition.dll</Right>
+  </Suppression>
 </Suppressions>
@@ -62,7 +62,7 @@ public async Task MockedAuthorizationFlow_WithValidConfiguration_ReturnsAuthoriz
         }
 
         Assert.Equal(HttpStatusCode.OK, response.StatusCode);
-        var result = JsonSerializer.Deserialize<AuthorizationHeaderResult>(content, new JsonSerializerOptions { PropertyNameCaseInsensitive = true });
+        var result = JsonSerializer.Deserialize<Microsoft.Identity.Web.Sidecar.Models.AuthorizationHeaderResult>(content, new JsonSerializerOptions { PropertyNameCaseInsensitive = true });
         Assert.NotNull(result);
         Assert.Equal(expectedAuthHeader, result.AuthorizationHeader);
     }

@@ -133,7 +133,7 @@ public async Task GetAuthorizationHeaderForAgentUserIdentityUnauthenticated_With
 
         Assert.True(result.IsSuccessStatusCode);
 
-        var response = await result.Content.ReadFromJsonAsync<AuthorizationHeaderResult>();
+        var response = await result.Content.ReadFromJsonAsync<Microsoft.Identity.Web.Sidecar.Models.AuthorizationHeaderResult>();
 
         Assert.NotNull(response?.AuthorizationHeader);
         Assert.StartsWith("Bearer ey", response.AuthorizationHeader, StringComparison.Ordinal);