merge

Author: GladwinJohnson

.github/workflows/aot-check.yml

@@ -29,5 +29,5 @@ jobs:
 
     - name: Runs powershell script
       id: aot-powershell
-      run: build\test-aot.ps1 'net8.0'
+      run: build\test-aot.ps1 'net9.0'
 

Directory.Build.props

@@ -2,7 +2,7 @@
   <PropertyGroup>
     <!--This should be passed from the VSTS build-->
     <!-- This needs to be greater than or equal to the validation baseline version -->
-    <MicrosoftIdentityWebVersion Condition="'$(MicrosoftIdentityWebVersion)' == ''">3.8.5</MicrosoftIdentityWebVersion>
+    <MicrosoftIdentityWebVersion Condition="'$(MicrosoftIdentityWebVersion)' == ''">3.9.1</MicrosoftIdentityWebVersion>
     <!--This will generate AssemblyVersion, AssemblyFileVersion and AssemblyInformationVersion-->
     <Version>$(MicrosoftIdentityWebVersion)</Version>
 
@@ -44,14 +44,6 @@
     <SuppressTfmSupportBuildWarnings>true</SuppressTfmSupportBuildWarnings>
   </PropertyGroup>
 
-  <PropertyGroup Condition="'$(TargetFrameworkIdentifier)' == 'NET6_0_OR_GREATER'">
-    <IsTrimmable>true</IsTrimmable>
-  </PropertyGroup>
-
-  <PropertyGroup Condition="'$(TargetFrameworkIdentifier)' == 'NET8_0_OR_GREATER'">
-    <EnableMicrosoftExtensionsConfigurationBinderSourceGenerator>true</EnableMicrosoftExtensionsConfigurationBinderSourceGenerator>
-  </PropertyGroup>
-
   <PropertyGroup Condition="'$(TF_BUILD)' == 'true'">
     <ContinuousIntegrationBuild>true</ContinuousIntegrationBuild>
   </PropertyGroup>
@@ -86,16 +78,16 @@
   </PropertyGroup>
 
   <PropertyGroup Label="Common dependency versions">
-    <MicrosoftIdentityModelVersion Condition="'$(MicrosoftIdentityModelVersion)' == ''">8.8.0</MicrosoftIdentityModelVersion>
-    <MicrosoftIdentityClientVersion Condition="'$(MicrosoftIdentityClientVersion)' == ''">4.71.0</MicrosoftIdentityClientVersion>
+    <MicrosoftIdentityModelVersion Condition="'$(MicrosoftIdentityModelVersion)' == ''">8.10.0</MicrosoftIdentityModelVersion>
+    <MicrosoftIdentityClientVersion Condition="'$(MicrosoftIdentityClientVersion)' == ''">4.72.1</MicrosoftIdentityClientVersion>
     <FxCopAnalyzersVersion>3.3.0</FxCopAnalyzersVersion>
     <SystemTextEncodingsWebVersion>4.7.2</SystemTextEncodingsWebVersion>
     <AzureSecurityKeyVaultSecretsVersion>4.6.0</AzureSecurityKeyVaultSecretsVersion>
     <AzureIdentityVersion>1.11.4</AzureIdentityVersion>
     <AzureSecurityKeyVaultCertificatesVersion>4.6.0</AzureSecurityKeyVaultCertificatesVersion>
     <MicrosoftGraphVersion>4.36.0</MicrosoftGraphVersion>
     <MicrosoftGraphBetaVersion>4.57.0-preview</MicrosoftGraphBetaVersion>
-    <MicrosoftIdentityAbstractionsVersion>9.0.0</MicrosoftIdentityAbstractionsVersion>
+    <MicrosoftIdentityAbstractionsVersion>9.1.0</MicrosoftIdentityAbstractionsVersion>
     <!--CVE-2024-43485-->
     <SystemTextJsonVersion>8.0.5</SystemTextJsonVersion>
     <!--CVE-2023-29331-->

Microsoft.Identity.Web.slnLaunch

@@ -0,0 +1,15 @@
+[
+  {
+    "Name": "B2C DevApps",
+    "Projects": [
+      {
+        "Path": "tests\\DevApps\\B2CWebAppCallsWebApi\\Client\\TodoListClient.csproj",
+        "Action": "Start"
+      },
+      {
+        "Path": "tests\\DevApps\\B2CWebAppCallsWebApi\\TodoListService\\TodoListService.csproj",
+        "Action": "Start"
+      }
+    ]
+  }
+]

README.md

@@ -16,6 +16,16 @@ Quick links:
 
  [![NuGet](https://img.shields.io/nuget/v/Microsoft.Identity.Web.svg?style=flat-square&label=nuget&colorB=00b200)](https://www.nuget.org/packages/Microsoft.Identity.Web/)
 
+## Version Lifecycle and Support Matrix
+
+See [Long Term Support policy](./supportPolicy.md) for details.
+
+The following table lists IdentityWeb versions currently supported and receiving security fixes.
+
+| Major Version | Last Release | Patch release date  | Support phase|End of support |
+| --------------|--------------|--------|------------|--------|
+| 3.x           | [![NuGet](https://img.shields.io/nuget/v/Microsoft.Identity.Web.svg?style=flat-square&label=nuget&colorB=00b200)](https://www.nuget.org/packages/Microsoft.Identity.Web/)   |Monthly| Active | Not planned.<br/>✅Supported versions: from 3.0.0 to [![NuGet](https://img.shields.io/nuget/v/Microsoft.Identity.Web.svg?style=flat-square&label=nuget&colorB=00b200)](https://www.nuget.org/packages/Microsoft.Identity.Web/)<br/>⚠️Unsupported versions `< 3.0.0`.|
+
 ## Build Status
 
 [![Build Status](https://img.shields.io/endpoint.svg?url=https%3A%2F%2Factions-badge.atrox.dev%2FAzureAD%2Fmicrosoft-identity-web%2Fbadge&style=flat)](https://actions-badge.atrox.dev/AzureAD/microsoft-identity-web/goto)

build/test-aot.ps1

@@ -16,7 +16,7 @@ foreach ($line in $($publishOutput -split "`r`n"))
 }
 
 Write-Host "Actual warning count is: ", $actualWarningCount
-$expectedWarningCount = 61
+$expectedWarningCount = 50
 
 if ($LastExitCode -ne 0)
 {

changelog.md

@@ -1,3 +1,33 @@
+3.9.1
+### Package updates
+- Microsoft.Identity.Abstractions updated to version [9.1.0](https://github.com/AzureAD/azure-identity-abstractions/releases/tag/9.1.0).
+
+### Fundamentals
+- Fix AoT warnings. For details see [#3366](https://github.com/AzureAD/microsoft-identity-web/pull/3366)
+
+3.9.0
+========
+### Package updates
+- Microsoft.IdentityModel updated to version [8.10.0](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/8.10.0).
+- MSAL.NET updated to version [MSAL.NET 4.72.0](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/tag/4.72.0).
+
+### Bug fixes
+- Fixed issue where RequiredScopeOrAppPermission extension method didn’t work with Minimal APIs. See [#3323](https://github.com/AzureAD/microsoft-identity-web/issues/3323).
+- Resolved IL warnings from AddDownstreamApis in NativeAOT projects. See [#3355](https://github.com/AzureAD/microsoft-identity-web/issues/3360).
+- Ensured AcquireTokenForConfidentialClient correctly passes MSAL exceptions. See [#3345](https://github.com/AzureAD/microsoft-identity-web/issues/3345).
+- Prevented null reference when accessing MergedOptions instance. See [#3337](https://github.com/AzureAD/microsoft-identity-web/issues/3337).
+
+### New feature
+ - Added optional login_hint and domain_hint support to AccountController.SignIn endpoint. See [#3244](https://github.com/AzureAD/microsoft-identity-web/issues/3244) and [#3348](https://github.com/AzureAD/microsoft-identity-web/pull/3348/files).
+
+### Fundamentals
+- Introduced Long-Term Support (LTS) policy. See [#3357](https://github.com/AzureAD/microsoft-identity-web/commit/b6ff65bb4f49289c914100c3a382fa16da2b5508).
+- Added tests to validate xms_cc (client capability) forwarding in CCA flows. See [#3349](https://github.com/AzureAD/microsoft-identity-web/issues/3349).
+
+### External contributions
+Thank you @evan-buss for your contribution and fixing the issue where RequiredScopeOrAppPermission extension method didn’t work with Minimal APIs. See [#3323](https://github.com/AzureAD/microsoft-identity-web/issues/3323).
+Thank you @neha-bhargava for your contribution and ensuring AcquireTokenForConfidentialClient correctly passes MSAL exceptions. See [#3345](https://github.com/AzureAD/microsoft-identity-web/issues/3345).
+
 3.8.4
 ========
 ### Package updates