Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0

.clinerules/idweb-guidelines.md

@@ -1,4 +1,4 @@
-# IdWeb Guidelines
+# Microsoft Identity Web Guidelines
 
 ## Overview
 
@@ -77,11 +77,14 @@ The following NuGet packages are shipped as part of Microsoft.Identity.Web:
 - Include benchmark tests for performance-sensitive changes
 - Verify security implications of changes
 
-### Public API Changes
-- The project uses Microsoft.CodeAnalysis.PublicApiAnalyzers (version 3.3.4) to track changes to public APIs
-- For any changes to public APIs (classes, interfaces, methods, properties, etc.), you must:
-  1. Locate the PublicAPI.Unshipped.txt file in the directory of the changed code
-  2. Include the complete API signature
+### Public and Internal API Changes
+- The project uses Microsoft.CodeAnalysis.PublicApiAnalyzers
+- For any public and internal API (i.e. public and internal member) changes:
+  1. Update PublicAPI.Unshipped.txt in the relevant package directory for a public API change
+  2. Update InternalAPI.Unshipped.txt in the relevant package directory for an internal API change
+  3. Include complete API signatures
+  4. Consider backward compatibility impacts
+  5. Document breaking changes clearly
 
 Example format:
 ```diff
@@ -94,4 +97,4 @@ Example format:
 -MyNamespace.MyClass.OldMethod() -> void
 ```
 
-The analyzer will verify during build that all public API changes are properly documented, and the build will fail if changes are not reflected in PublicAPI.Unshipped.txt.
+The analyzer enforces documentation of all public API changes in PublicAPI.Unshipped.txt and all internal API changes in InternalAPI.Unshipped.txt and will fail the build if changes are not properly reflected.

Directory.Build.props

@@ -92,8 +92,8 @@
     <SystemTextJsonVersion>8.0.5</SystemTextJsonVersion>
     <!--CVE-2023-29331-->
     <SystemFormatsAsn1Version>8.0.1</SystemFormatsAsn1Version>
-    <BannedApiAnalyzersVersion>3.3.4</BannedApiAnalyzersVersion>
-    <PublicApiAnalyzersVersion>3.3.4</PublicApiAnalyzersVersion>
+    <BannedApiAnalyzersVersion>4.14.0</BannedApiAnalyzersVersion>
+    <PublicApiAnalyzersVersion>4.14.0</PublicApiAnalyzersVersion>
   </PropertyGroup>
 
   <PropertyGroup Condition="'$(TargetFramework)' == 'net9.0'">

src/Microsoft.Identity.Web.TokenAcquisition/PublicAPI/net462/PublicAPI.Shipped.txt

@@ -158,3 +158,5 @@ virtual Microsoft.Identity.Web.Extensibility.BaseAuthorizationHeaderProvider.Cre
 virtual Microsoft.Identity.Web.Extensibility.BaseAuthorizationHeaderProvider.CreateAuthorizationHeaderForUserAsync(System.Collections.Generic.IEnumerable<string!>! scopes, Microsoft.Identity.Abstractions.AuthorizationHeaderProviderOptions? authorizationHeaderProviderOptions = null, System.Security.Claims.ClaimsPrincipal? claimsPrincipal = null, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) -> System.Threading.Tasks.Task<string!>!
 virtual Microsoft.Identity.Web.TokenAcquirerFactory.DefineConfiguration(Microsoft.Extensions.Configuration.IConfigurationBuilder! builder) -> string!
 virtual Microsoft.Identity.Web.TokenAcquirerFactory.PreBuild() -> void
+virtual Microsoft.Identity.Web.BeforeTokenAcquisitionForApp.Invoke(Microsoft.Identity.Client.AcquireTokenForClientParameterBuilder! builder, Microsoft.Identity.Abstractions.AcquireTokenOptions? acquireTokenOptions) -> void
+virtual Microsoft.Identity.Web.BeforeTokenAcquisitionForTestUser.Invoke(Microsoft.Identity.Client.AcquireTokenByUsernameAndPasswordConfidentialParameterBuilder! builder, Microsoft.Identity.Abstractions.AcquireTokenOptions? acquireTokenOptions, System.Security.Claims.ClaimsPrincipal! user) -> void

src/Microsoft.Identity.Web.TokenAcquisition/PublicAPI/net472/PublicAPI.Shipped.txt

@@ -158,3 +158,5 @@ virtual Microsoft.Identity.Web.Extensibility.BaseAuthorizationHeaderProvider.Cre
 virtual Microsoft.Identity.Web.Extensibility.BaseAuthorizationHeaderProvider.CreateAuthorizationHeaderForUserAsync(System.Collections.Generic.IEnumerable<string!>! scopes, Microsoft.Identity.Abstractions.AuthorizationHeaderProviderOptions? authorizationHeaderProviderOptions = null, System.Security.Claims.ClaimsPrincipal? claimsPrincipal = null, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) -> System.Threading.Tasks.Task<string!>!
 virtual Microsoft.Identity.Web.TokenAcquirerFactory.DefineConfiguration(Microsoft.Extensions.Configuration.IConfigurationBuilder! builder) -> string!
 virtual Microsoft.Identity.Web.TokenAcquirerFactory.PreBuild() -> void
+virtual Microsoft.Identity.Web.BeforeTokenAcquisitionForApp.Invoke(Microsoft.Identity.Client.AcquireTokenForClientParameterBuilder! builder, Microsoft.Identity.Abstractions.AcquireTokenOptions? acquireTokenOptions) -> void
+virtual Microsoft.Identity.Web.BeforeTokenAcquisitionForTestUser.Invoke(Microsoft.Identity.Client.AcquireTokenByUsernameAndPasswordConfidentialParameterBuilder! builder, Microsoft.Identity.Abstractions.AcquireTokenOptions? acquireTokenOptions, System.Security.Claims.ClaimsPrincipal! user) -> void

src/Microsoft.Identity.Web.TokenAcquisition/PublicAPI/net6.0/PublicAPI.Shipped.txt

@@ -159,3 +159,5 @@ virtual Microsoft.Identity.Web.Extensibility.BaseAuthorizationHeaderProvider.Cre
 virtual Microsoft.Identity.Web.Extensibility.BaseAuthorizationHeaderProvider.CreateAuthorizationHeaderForUserAsync(System.Collections.Generic.IEnumerable<string!>! scopes, Microsoft.Identity.Abstractions.AuthorizationHeaderProviderOptions? authorizationHeaderProviderOptions = null, System.Security.Claims.ClaimsPrincipal? claimsPrincipal = null, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) -> System.Threading.Tasks.Task<string!>!
 virtual Microsoft.Identity.Web.TokenAcquirerFactory.DefineConfiguration(Microsoft.Extensions.Configuration.IConfigurationBuilder! builder) -> string!
 virtual Microsoft.Identity.Web.TokenAcquirerFactory.PreBuild() -> void
+virtual Microsoft.Identity.Web.BeforeTokenAcquisitionForApp.Invoke(Microsoft.Identity.Client.AcquireTokenForClientParameterBuilder! builder, Microsoft.Identity.Abstractions.AcquireTokenOptions? acquireTokenOptions) -> void
+virtual Microsoft.Identity.Web.BeforeTokenAcquisitionForTestUser.Invoke(Microsoft.Identity.Client.AcquireTokenByUsernameAndPasswordConfidentialParameterBuilder! builder, Microsoft.Identity.Abstractions.AcquireTokenOptions? acquireTokenOptions, System.Security.Claims.ClaimsPrincipal! user) -> void

src/Microsoft.Identity.Web.TokenAcquisition/PublicAPI/net7.0/PublicAPI.Shipped.txt

@@ -159,3 +159,5 @@ virtual Microsoft.Identity.Web.Extensibility.BaseAuthorizationHeaderProvider.Cre
 virtual Microsoft.Identity.Web.Extensibility.BaseAuthorizationHeaderProvider.CreateAuthorizationHeaderForUserAsync(System.Collections.Generic.IEnumerable<string!>! scopes, Microsoft.Identity.Abstractions.AuthorizationHeaderProviderOptions? authorizationHeaderProviderOptions = null, System.Security.Claims.ClaimsPrincipal? claimsPrincipal = null, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) -> System.Threading.Tasks.Task<string!>!
 virtual Microsoft.Identity.Web.TokenAcquirerFactory.DefineConfiguration(Microsoft.Extensions.Configuration.IConfigurationBuilder! builder) -> string!
 virtual Microsoft.Identity.Web.TokenAcquirerFactory.PreBuild() -> void
+virtual Microsoft.Identity.Web.BeforeTokenAcquisitionForApp.Invoke(Microsoft.Identity.Client.AcquireTokenForClientParameterBuilder! builder, Microsoft.Identity.Abstractions.AcquireTokenOptions? acquireTokenOptions) -> void
+virtual Microsoft.Identity.Web.BeforeTokenAcquisitionForTestUser.Invoke(Microsoft.Identity.Client.AcquireTokenByUsernameAndPasswordConfidentialParameterBuilder! builder, Microsoft.Identity.Abstractions.AcquireTokenOptions? acquireTokenOptions, System.Security.Claims.ClaimsPrincipal! user) -> void

src/Microsoft.Identity.Web.TokenAcquisition/PublicAPI/net8.0/PublicAPI.Shipped.txt

@@ -159,3 +159,5 @@ virtual Microsoft.Identity.Web.Extensibility.BaseAuthorizationHeaderProvider.Cre
 virtual Microsoft.Identity.Web.Extensibility.BaseAuthorizationHeaderProvider.CreateAuthorizationHeaderForUserAsync(System.Collections.Generic.IEnumerable<string!>! scopes, Microsoft.Identity.Abstractions.AuthorizationHeaderProviderOptions? authorizationHeaderProviderOptions = null, System.Security.Claims.ClaimsPrincipal? claimsPrincipal = null, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) -> System.Threading.Tasks.Task<string!>!
 virtual Microsoft.Identity.Web.TokenAcquirerFactory.DefineConfiguration(Microsoft.Extensions.Configuration.IConfigurationBuilder! builder) -> string!
 virtual Microsoft.Identity.Web.TokenAcquirerFactory.PreBuild() -> void
+virtual Microsoft.Identity.Web.BeforeTokenAcquisitionForApp.Invoke(Microsoft.Identity.Client.AcquireTokenForClientParameterBuilder! builder, Microsoft.Identity.Abstractions.AcquireTokenOptions? acquireTokenOptions) -> void
+virtual Microsoft.Identity.Web.BeforeTokenAcquisitionForTestUser.Invoke(Microsoft.Identity.Client.AcquireTokenByUsernameAndPasswordConfidentialParameterBuilder! builder, Microsoft.Identity.Abstractions.AcquireTokenOptions? acquireTokenOptions, System.Security.Claims.ClaimsPrincipal! user) -> void

src/Microsoft.Identity.Web.TokenAcquisition/PublicAPI/net9.0/PublicAPI.Shipped.txt

@@ -159,3 +159,5 @@ virtual Microsoft.Identity.Web.Extensibility.BaseAuthorizationHeaderProvider.Cre
 virtual Microsoft.Identity.Web.Extensibility.BaseAuthorizationHeaderProvider.CreateAuthorizationHeaderForUserAsync(System.Collections.Generic.IEnumerable<string!>! scopes, Microsoft.Identity.Abstractions.AuthorizationHeaderProviderOptions? authorizationHeaderProviderOptions = null, System.Security.Claims.ClaimsPrincipal? claimsPrincipal = null, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) -> System.Threading.Tasks.Task<string!>!
 virtual Microsoft.Identity.Web.TokenAcquirerFactory.DefineConfiguration(Microsoft.Extensions.Configuration.IConfigurationBuilder! builder) -> string!
 virtual Microsoft.Identity.Web.TokenAcquirerFactory.PreBuild() -> void
+virtual Microsoft.Identity.Web.BeforeTokenAcquisitionForApp.Invoke(Microsoft.Identity.Client.AcquireTokenForClientParameterBuilder! builder, Microsoft.Identity.Abstractions.AcquireTokenOptions? acquireTokenOptions) -> void
+virtual Microsoft.Identity.Web.BeforeTokenAcquisitionForTestUser.Invoke(Microsoft.Identity.Client.AcquireTokenByUsernameAndPasswordConfidentialParameterBuilder! builder, Microsoft.Identity.Abstractions.AcquireTokenOptions? acquireTokenOptions, System.Security.Claims.ClaimsPrincipal! user) -> void

src/Microsoft.Identity.Web.TokenAcquisition/PublicAPI/netstandard2.0/PublicAPI.Shipped.txt

@@ -158,3 +158,5 @@ virtual Microsoft.Identity.Web.Extensibility.BaseAuthorizationHeaderProvider.Cre
 virtual Microsoft.Identity.Web.Extensibility.BaseAuthorizationHeaderProvider.CreateAuthorizationHeaderForUserAsync(System.Collections.Generic.IEnumerable<string!>! scopes, Microsoft.Identity.Abstractions.AuthorizationHeaderProviderOptions? authorizationHeaderProviderOptions = null, System.Security.Claims.ClaimsPrincipal? claimsPrincipal = null, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) -> System.Threading.Tasks.Task<string!>!
 virtual Microsoft.Identity.Web.TokenAcquirerFactory.DefineConfiguration(Microsoft.Extensions.Configuration.IConfigurationBuilder! builder) -> string!
 virtual Microsoft.Identity.Web.TokenAcquirerFactory.PreBuild() -> void
+virtual Microsoft.Identity.Web.BeforeTokenAcquisitionForApp.Invoke(Microsoft.Identity.Client.AcquireTokenForClientParameterBuilder! builder, Microsoft.Identity.Abstractions.AcquireTokenOptions? acquireTokenOptions) -> void
+virtual Microsoft.Identity.Web.BeforeTokenAcquisitionForTestUser.Invoke(Microsoft.Identity.Client.AcquireTokenByUsernameAndPasswordConfidentialParameterBuilder! builder, Microsoft.Identity.Abstractions.AcquireTokenOptions? acquireTokenOptions, System.Security.Claims.ClaimsPrincipal! user) -> void