Sourced from Microsoft.Identity.Web's releases.

2.17.2

New features

• Added support for CIAM custom user domains. You can now use an Open ID connect authority in the "Authority" property of the configuration instead of using "Instance" and "Tenant". See issue #2690 for details.

2.17.1

• Updated to Microsoft.IdentityModel.* 7.4.0

New features

• DownstreamApi now automatically processes claims challenge from web APIs which are CAE enabled, provided you set "ClientCapablities" : ["cp1"] in the configuation. See issue #2550.

Bug fixes

• Fixes the use of ServiceDescriptor for containers which have keyed services present. This can be an issue on .NET 8.0. See issue #2676 for details.

Engineering excellence

• Calls to ConfidentialClientApplicationBuilderExtension.WithClientCredentials are fully async. See issue #2566 for details.

2.17.0

• Updated to Microsoft.IdentityModel.* 7.3.1 and MSAL.NET 4.59.0

New features

• Added support for Microsoft.NET.Sdk.Worker. See Worker calling APIs
• Added support for Managed identity when calling a downstream API on behalf of the app. See Calling APIs with Managed Identity and PR 2650. For details see [PR #2645](AzureAD/microsoft-identity-web#2645)

Bug fixes

• In OWIN applications, GetTokenForUserAsync now respects the ClaimsPrincipal. See issue #2629 for details.
• After setting AddTokenAcquisition(useSingleton:true) to use token acquisition as a singleton, if you use .AddMicrosoftGraph and/or .AddDownstreamApi after this call, the GraphServiceClient and IDownstreamApis are now registered as a singleton service. For details see [PR #2645](AzureAD/microsoft-identity-web#2645)
• Added check Against Injection Attacks. For details see PR 2619

Engineering excellence

• Added a benchmark running on PR merges, available from https://azuread.github.io/microsoft-identity-web/benchmarks on GitHub pages

Sourced from Microsoft.Identity.Web's changelog.

2.17.2

New features

• Added support for CIAM custom user domains. You can now use an Open ID connect authority in the "Authority" property of the configuration instead of using "Instance" and "Tenant". See issue #2690 for details.

2.17.1

• Updated to Microsoft.IdentityModel.* 7.4.0

New features

• DownstreamApi now automatically processes claims challenge from web APIs which are CAE enabled, provided you set "ClientCapablities" : ["cp1"] in the configuation. See issue #2550.

Bug fixes

• Fixes the use of ServiceDescriptor for containers which have keyed services present. This can be an issue on .NET 8.0. See issue #2676 for details.

Engineering excellence

• Calls to ConfidentialClientApplicationBuilderExtension.WithClientCredentials are fully async. See issue #2566 for details.

2.17.0

• Updated to Microsoft.IdentityModel.* 7.3.1 and MSAL.NET 4.59.0

New features

• Added support for Microsoft.NET.Sdk.Worker. See Worker calling APIs
• Added support for Managed identity when calling a downstream API on behalf of the app. See Calling APIs with Managed Identity and PR 2650. For details see [PR #2645](AzureAD/microsoft-identity-web#2645)

Bug fixes

• In OWIN applications, GetTokenForUserAsync now respects the ClaimsPrincipal. See issue #2629 for details.
• After setting AddTokenAcquisition(useSingleton:true) to use token acquisition as a singleton, if you use .AddMicrosoftGraph and/or .AddDownstreamApi after this call, the GraphServiceClient and IDownstreamApis are now registered as a singleton service. For details see [PR #2645](AzureAD/microsoft-identity-web#2645)
• Added check Against Injection Attacks. For details see PR 2619

Engineering excellence

• Added a benchmark running on PR merges, available from https://azuread.github.io/microsoft-identity-web/benchmarks on GitHub pages

• fc5d24a Improve the Ciam sample (#2703)
• b510002 Moves NuGet.Config into root folder (#2701)
• 4345be7 Update changelog for rel/2.17.2 (#2700)
• 5da1f6a Add support for custom user domains (#2696)
• 518d671 stop using obsolete downstreamwebapi, use the latest id web (#2699)
• 0f1095c remove unused code, extra semicolon (#2691)
• 8473045 changelog for 2.17.1 (#2682)
• 4355c93 update to identitymodel 7.4.0 (#2683)
• 407db82 IDownstreamApi handles Continuous Access Evaluation (CAE) (#2616)
• ced8591 Make ConfidentialClientApplicationBuilderExtension.WithClientCredentials asyn...
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)