deps: Bump Microsoft.Identity.Client and Microsoft.Identity.Client.Extensions.Msal #481

dependabot · 2026-01-12T09:34:47Z

Updated Microsoft.Identity.Client from 4.67.2 to 4.81.0.

Release notes

Sourced from Microsoft.Identity.Client's releases.

4.81.0 What's Changed

Expose API SendX5C from ROPC CCA flow by @neha-bhargava in Expose API SendX5C from ROPC CCA flow AzureAD/microsoft-authentication-library-for-dotnet#5635
Refactor and simplify Microsoft.Identity.Test.LabInfrastructure by @Avery-Dunn in Refactor and simplify Microsoft.Identity.Test.LabInfrastructure AzureAD/microsoft-authentication-library-for-dotnet#5631
Remove Headers from MsalServiceException.ToString() to prevent logging sensitive data by @Copilot in Remove Headers from MsalServiceException.ToString() to prevent logging sensitive data AzureAD/microsoft-authentication-library-for-dotnet#5642

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.80.0...4.81.0

4.80.0

Features

Added extensibility APIs—WithCertificate, OnMsalServiceFailure, and OnCompletion—to enable callback handling for certificate injection, retry on MSAL service failure events, and completion notifications #5573
Extend IAuthenticationOperation interface with Async methods in IAuthenticationOperation2 #5376
Enable IAuthenticationOperation2 to reject MSAL cached tokens and fetch new ones from ESTS #5567

Changes

IMDS Source Detection Logic Improvement #5602
Update DesktopOsHelper.IsMac to work properly on .NET 10 + macOS 26 #5541

Bug Fixes

Fix KeyNotFoundException during retry when headers lack correlation ID #5617
Implement Service Exception for IMDS Probe #5615

4.79.2 What's Changed

Bump winsdk dependency by @bgavrilMS in Bump winsdk dependency AzureAD/microsoft-authentication-library-for-dotnet#5575
ImdsV2 probe does not fire when .WithMtlsProofOfPossesstion is not used by @Robbie-Microsoft in ImdsV2 probe does not fire when .WithMtlsProofOfPossesstion is not used AzureAD/microsoft-authentication-library-for-dotnet#5579
Downgrade System.Formats.Asn1 to match ID web by @Avery-Dunn in Downgrade System.Formats.Asn1 to match ID web AzureAD/microsoft-authentication-library-for-dotnet#5583

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.79.0...4.79.2

4.79.0 What's Changed

Fix instance discovery bug 5546 by @bgavrilMS in Fix instance discovery bug 5546 AzureAD/microsoft-authentication-library-for-dotnet#5549
Managed Identity IMDSv2 and new support APIs (ResetForTest, GetSourceAsync) by @Robbie-Microsoft in Managed Identity IMDSv2 and new support APIs (ResetForTest, GetSourceAsync) AzureAD/microsoft-authentication-library-for-dotnet#5501
Bearer Requests should Fallback to IMDS in Preview by @gladjohn in Bearer Requests should Fallback to IMDS in Preview AzureAD/microsoft-authentication-library-for-dotnet#5562
Updating MSAL to send client info = 2 on client credential flow by @trwalke in Updating MSAL to send client info = 2 on client credential flow AzureAD/microsoft-authentication-library-for-dotnet#5529
Make IMsalMtlsHttpClientFactory interface public by @cpp11nullptr in Make IMsalMtlsHttpClientFactory interface public AzureAD/microsoft-authentication-library-for-dotnet#5559
Mark WithClientAssertion API as experimental by @gladjohn in Mark WithClientAssertion API as experimental AzureAD/microsoft-authentication-library-for-dotnet#5551
Adjust WithExtraQueryParameters APIs and cache key behavior by @Avery-Dunn in Adjust WithExtraQueryParameters APIs and cache key behavior AzureAD/microsoft-authentication-library-for-dotnet#5536

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.78.0...4.79.0

4.78.0

Changes

Update SDK version from 8.0.404 to 8.0.415. #5543
Hide / deprecate some obscure APIs. #5484

Bug Fixes

Support Android edge-to-edge. #5499
Android broker does not support ADFS authority. #5522

4.77.1 What's Changed

Fix prototype code to address CodeQL by @bgavrilMS in Fix prototype code to address CodeQL AzureAD/microsoft-authentication-library-for-dotnet#5472
Update CHANGELOG.md for MSAL 4.77.0 by @gladjohn in Update CHANGELOG.md for MSAL 4.77.0 AzureAD/microsoft-authentication-library-for-dotnet#5473
Mark project as AOT compatible for net 8 by @neha-bhargava in Mark project as AOT compatible for net 8 AzureAD/microsoft-authentication-library-for-dotnet#5458
Update public api for MSAL Release 4.77.0 by @gladjohn in Update public api for MSAL Release 4.77.0 AzureAD/microsoft-authentication-library-for-dotnet#5471
Adjust issuer validation to accept differing paths by @Avery-Dunn in Adjust issuer validation to accept differing paths AzureAD/microsoft-authentication-library-for-dotnet#5466
Added better error message for OIDC error by @trwalke in Added better error message for OIDC error AzureAD/microsoft-authentication-library-for-dotnet#5433
Remove failing test project from solution to prevent build breaks. by @MZOLN in Remove failing test project from solution to prevent build breaks. AzureAD/microsoft-authentication-library-for-dotnet#5481
Fix MSB3277 “WindowsBase” conflicts in dev apps by enabling WPF build ref by @gladjohn in Fix MSB3277 “WindowsBase” conflicts in dev apps by enabling WPF build ref AzureAD/microsoft-authentication-library-for-dotnet#5482
Remove some flaky tests that were just an overkill by @gladjohn in Remove some flaky tests that were just an overkill AzureAD/microsoft-authentication-library-for-dotnet#5486
Remove dupe ropc b2c tests by @gladjohn in Remove dupe ropc b2c tests AzureAD/microsoft-authentication-library-for-dotnet#5487
Revert changes made for Http2 by @neha-bhargava in Revert changes made for Http2 AzureAD/microsoft-authentication-library-for-dotnet#5462

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.77.0...4.77.1

4.77.0

4.76.0 What's Changed

Removal of ExperimentalFeatures flag on WithMtlsProofOfPossession API: by @gladjohn in Removal of ExperimentalFeatures flag on WithMtlsProofOfPossession API: AzureAD/microsoft-authentication-library-for-dotnet#5402
#5400 Fixing issue that leads to multiple active access tokens in the cache for non-tenanted oidc authority by @andkorsh in #5400 Fixing issue that leads to multiple active access tokens in the cache for non-tenanted oidc authority AzureAD/microsoft-authentication-library-for-dotnet#5401
Add Service Fabric token revocation support by @gladjohn in Add Service Fabric token revocation support AzureAD/microsoft-authentication-library-for-dotnet#5421
Update NativeInterop package version to 0.19.4 by @ashok672 in Update NativeInterop package version to 0.19.4 AzureAD/microsoft-authentication-library-for-dotnet#5434
Adding WithExtraBodyParameters api by @trwalke in Adding WithExtraBodyParameters api AzureAD/microsoft-authentication-library-for-dotnet#5389
Enable mTLS Proof‑of‑Possession for Client‑Assertion Delegates by @gladjohn in Enable mTLS Proof‑of‑Possession for Client‑Assertion Delegates AzureAD/microsoft-authentication-library-for-dotnet#5409

New Contributors

@andkorsh made their first contribution in #5400 Fixing issue that leads to multiple active access tokens in the cache for non-tenanted oidc authority AzureAD/microsoft-authentication-library-for-dotnet#5401

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.74.1...4.76.0

4.74.1

Bug fixes

When you configure MSAL with WithOidcAuthority(), the library now confirms that the issuer returned by the OIDC discovery endpoint matches the expected authority (including CIAM patterns) and throws an exception if it does not. Add issuer validation when making call to OIDC endpoint AzureAD/microsoft-authentication-library-for-dotnet#5358
Re-expose public AuthenticationResult constructor. A public, test-friendly constructor of AuthenticationResult was inadvertently hidden behind [Obsolete] and [EditorBrowsable(Never)]. The constructor is now publicly available again. [Bug] AuthenticationResult has no public constructor AzureAD/microsoft-authentication-library-for-dotnet#5392

4.74.0

Features

Deprecate ROPC flow in Public Client Applications Deprecate ROPC flow AzureAD/microsoft-authentication-library-for-dotnet#5355.
AuthenticationResult exposes a new BindingCertificate property that returns the X.509 certificate bound to the access token in mTLS-PoP scenarios. [Feature Request] Return mTLS Client certificate as part of the AuthenticationResult AzureAD/microsoft-authentication-library-for-dotnet#5370.

Bug fixes

MSAL now honors the DEFAULT_IDENTITY_CLIENT_ID environment variable when acquiring tokens from Azure Machine Learning managed-identity endpoint. [Feature Request] Support for new Azure ML Managed Identity AzureAD/microsoft-authentication-library-for-dotnet#5350.

4.73.1 What's Changed

Deprecate AcquireTokenByIntegratedWindowsAuth API by @ashok672 in Deprecate AcquireTokenByIntegratedWindowsAuth API AzureAD/microsoft-authentication-library-for-dotnet#5345
Update native interop to 0.19.2 by @fengga in Update native interop to 0.19.2 AzureAD/microsoft-authentication-library-for-dotnet#5362
update the deprecated openURL(:) api to openURL(:options:completionHandler) by @DharshanBJ in update the deprecated openURL(:) api to openURL(:options:completionHandler) AzureAD/microsoft-authentication-library-for-dotnet#5354

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.73.0...4.73.1

4.73.0 What's Changed

Add mac broker console app support by @fengga in Add mac broker console app support AzureAD/microsoft-authentication-library-for-dotnet#5274
Use HTTP 2 on .NET where possible by @bgavrilMS in Use HTTP 2 on .NET AzureAD/microsoft-authentication-library-for-dotnet#5314
Expose access token cache count by @bgavrilMS in Expose access token cache count AzureAD/microsoft-authentication-library-for-dotnet#5330
Add an extensibility API - WithFmiPathForClientAssertion … by @bgavrilMS in Fix #5342 - add an extensibility API - WithFmiPathForClientAssertion … AzureAD/microsoft-authentication-library-for-dotnet#5347
Hide ListOperatingSystemAccounts in intellisense by @ashok672 in Hide ListOperatingSystemAccounts in intellisense AzureAD/microsoft-authentication-library-for-dotnet#5304
Reworked retry policy functionality & Created IMDS retry policy by @Robbie-Microsoft in Reworked retry policy functionality & Created IMDS retry policy AzureAD/microsoft-authentication-library-for-dotnet#5231

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.72.1...4.73.0

4.72.1

Bug Fixes

Ensure instance of IMsalHttpClientFactory passed by the user is used for managed identity flows that do not require cert validation. See Issue #5286
Fix a URL typo in the API comments. See [Engineering task] fix typo microsfoftonline AzureAD/microsoft-authentication-library-for-dotnet#5277

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.72.0...4.72.1

4.72.0

Features

Added MacOs Broker support. See Issue #5051

Bug Fixes

Ensure additional cache parameters are persisted in cache serializationIssue #5261

4.71.1

Bug Fixes

Pass the validate function to the http manager. See Issue #5242
Change the resource id param for IMDS. See Issue #5238

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.71.0...4.71.1

4.71.0

Bug Fixes

Enable the Service Fabric flow to get a httpClient from the factory with ssl validation callback. See Issue #5220

Full changelog: 4.70.2 .. 4.71.0

4.70.2 What's Changed

Updated MSIv1 Token Revocation's token_sha256_to_refresh param to use sha256's HEX representation by @gladjohn in Update MSIv1 Token Revocation's token_sha256_to_refresh param to use sha256's HEX representation AzureAD/microsoft-authentication-library-for-dotnet#5229

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.70.1...4.70.2

4.70.1 What's Changed

Fix Machine Learning Source to Use "clientid" Instead of "client_id" by @gladjohn in Fix Machine Learning Source to Use "clientid" Instead of "client_id" AzureAD/microsoft-authentication-library-for-dotnet#5193
Fixing IsCommonOrOrganizationsTenant check to not return true for consumers by @trwalke in Fixing IsCommonOrOrganizationsTenant check to not return true for consumers AzureAD/microsoft-authentication-library-for-dotnet#5195
Fix logger message to accurately reflect skipCache condition by @gladjohn in Fix logger message to accurately reflect skipCache condition AzureAD/microsoft-authentication-library-for-dotnet#5201
Removing experimental feature Flag from WithFmiPath by @trwalke in Removing experimental feature Flag from WithFmiPath AzureAD/microsoft-authentication-library-for-dotnet#5206
Fix for 5223 - env var to disable ESTS-R by @bgavrilMS in Fix for 5223 - env var to disable ESTS-R AzureAD/microsoft-authentication-library-for-dotnet#5224

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.70.0...4.70.1

4.70.0

Features

Added a .WithAccessTokenSha256ToRefresh() method to AcquireTokenForClientParameterBuilder for ConfidentialClientApplication, allowing finer control over token refresh scenarios. Issue #5111, PR #5179
Added TokenCacheNotificationArgs.NoDistributedCacheUseReason in order to indicate that the configured serialized cache should not be a distributed cache to prevent issues when acquiring tokens. Issue #5199

Bug Fixes

Removed invalid tenant checks (/organizations or /common) in MTLS flows for AAD/dSTS authorities. Issue #5093
Fixed an issue where specifying a null service config region in MTLS scenarios did not correctly throw an exception. Issue #5181

4.69.1

Features

Enabled broker support on the Linux platform. See Issue #5086
Added a WithCertificate(..., bool associateTokensWithCertificateSerialNumber) overload to enable the use of the certificate's serial number as part of the cache key for tokens. Issue #5150

Bug Fixes

MSAL will now stop replacing "%20" with "+" since it is obsolete. See Issue #5061
Exposed client capabilities in AssertionRequestOptions for MSI FIC scenarios Issue #4948
Added the missing claims in SignedAssertion when using the AssertionRequestOptions Delegate Issue #5143

4.68.0

Features

Added WithFmiPath() api to support FMI scenarios in MSAL. See Issue #5110
MSAL will now pass Client sku and Version to MsalRuntime for MSAL Runtime's client telemetry. See Issue #5103

Bug Fixes

Reordered the condition for ManagedIdentitySource.MachineLearning to be checked after ManagedIdentitySource.AppService instead of before it. See Issue #5077
Improved Managed Identity Source Detection Logging for Debugging. See Issue #5097
When a 404 error occurs, MSAL will now include the endpoint and authority URLs in the exception message for better debugging. See Issue #4769
MSAL will now set UseShellExecute to false in OpenLinuxBrowser. See Issue #5075
Fixed a threading exception when using ExtraQueryParameters. See Issue #5108

Commits viewable in compare view.

Updated Microsoft.Identity.Client.Extensions.Msal from 4.67.2 to 4.81.0.

Release notes

Sourced from Microsoft.Identity.Client.Extensions.Msal's releases.

4.81.0 What's Changed

Expose API SendX5C from ROPC CCA flow by @neha-bhargava in Expose API SendX5C from ROPC CCA flow AzureAD/microsoft-authentication-library-for-dotnet#5635
Refactor and simplify Microsoft.Identity.Test.LabInfrastructure by @Avery-Dunn in Refactor and simplify Microsoft.Identity.Test.LabInfrastructure AzureAD/microsoft-authentication-library-for-dotnet#5631
Remove Headers from MsalServiceException.ToString() to prevent logging sensitive data by @Copilot in Remove Headers from MsalServiceException.ToString() to prevent logging sensitive data AzureAD/microsoft-authentication-library-for-dotnet#5642

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.80.0...4.81.0

4.80.0

Features

Added extensibility APIs—WithCertificate, OnMsalServiceFailure, and OnCompletion—to enable callback handling for certificate injection, retry on MSAL service failure events, and completion notifications #5573
Extend IAuthenticationOperation interface with Async methods in IAuthenticationOperation2 #5376
Enable IAuthenticationOperation2 to reject MSAL cached tokens and fetch new ones from ESTS #5567

Changes

IMDS Source Detection Logic Improvement #5602
Update DesktopOsHelper.IsMac to work properly on .NET 10 + macOS 26 #5541

Bug Fixes

Fix KeyNotFoundException during retry when headers lack correlation ID #5617
Implement Service Exception for IMDS Probe #5615

4.79.2 What's Changed

Bump winsdk dependency by @bgavrilMS in Bump winsdk dependency AzureAD/microsoft-authentication-library-for-dotnet#5575
ImdsV2 probe does not fire when .WithMtlsProofOfPossesstion is not used by @Robbie-Microsoft in ImdsV2 probe does not fire when .WithMtlsProofOfPossesstion is not used AzureAD/microsoft-authentication-library-for-dotnet#5579
Downgrade System.Formats.Asn1 to match ID web by @Avery-Dunn in Downgrade System.Formats.Asn1 to match ID web AzureAD/microsoft-authentication-library-for-dotnet#5583

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.79.0...4.79.2

4.79.0 What's Changed

Fix instance discovery bug 5546 by @bgavrilMS in Fix instance discovery bug 5546 AzureAD/microsoft-authentication-library-for-dotnet#5549
Managed Identity IMDSv2 and new support APIs (ResetForTest, GetSourceAsync) by @Robbie-Microsoft in Managed Identity IMDSv2 and new support APIs (ResetForTest, GetSourceAsync) AzureAD/microsoft-authentication-library-for-dotnet#5501
Bearer Requests should Fallback to IMDS in Preview by @gladjohn in Bearer Requests should Fallback to IMDS in Preview AzureAD/microsoft-authentication-library-for-dotnet#5562
Updating MSAL to send client info = 2 on client credential flow by @trwalke in Updating MSAL to send client info = 2 on client credential flow AzureAD/microsoft-authentication-library-for-dotnet#5529
Make IMsalMtlsHttpClientFactory interface public by @cpp11nullptr in Make IMsalMtlsHttpClientFactory interface public AzureAD/microsoft-authentication-library-for-dotnet#5559
Mark WithClientAssertion API as experimental by @gladjohn in Mark WithClientAssertion API as experimental AzureAD/microsoft-authentication-library-for-dotnet#5551
Adjust WithExtraQueryParameters APIs and cache key behavior by @Avery-Dunn in Adjust WithExtraQueryParameters APIs and cache key behavior AzureAD/microsoft-authentication-library-for-dotnet#5536

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.78.0...4.79.0

4.78.0

Changes

Update SDK version from 8.0.404 to 8.0.415. #5543
Hide / deprecate some obscure APIs. #5484

Bug Fixes

Support Android edge-to-edge. #5499
Android broker does not support ADFS authority. #5522

4.77.1 What's Changed

Fix prototype code to address CodeQL by @bgavrilMS in Fix prototype code to address CodeQL AzureAD/microsoft-authentication-library-for-dotnet#5472
Update CHANGELOG.md for MSAL 4.77.0 by @gladjohn in Update CHANGELOG.md for MSAL 4.77.0 AzureAD/microsoft-authentication-library-for-dotnet#5473
Mark project as AOT compatible for net 8 by @neha-bhargava in Mark project as AOT compatible for net 8 AzureAD/microsoft-authentication-library-for-dotnet#5458
Update public api for MSAL Release 4.77.0 by @gladjohn in Update public api for MSAL Release 4.77.0 AzureAD/microsoft-authentication-library-for-dotnet#5471
Adjust issuer validation to accept differing paths by @Avery-Dunn in Adjust issuer validation to accept differing paths AzureAD/microsoft-authentication-library-for-dotnet#5466
Added better error message for OIDC error by @trwalke in Added better error message for OIDC error AzureAD/microsoft-authentication-library-for-dotnet#5433
Remove failing test project from solution to prevent build breaks. by @MZOLN in Remove failing test project from solution to prevent build breaks. AzureAD/microsoft-authentication-library-for-dotnet#5481
Fix MSB3277 “WindowsBase” conflicts in dev apps by enabling WPF build ref by @gladjohn in Fix MSB3277 “WindowsBase” conflicts in dev apps by enabling WPF build ref AzureAD/microsoft-authentication-library-for-dotnet#5482
Remove some flaky tests that were just an overkill by @gladjohn in Remove some flaky tests that were just an overkill AzureAD/microsoft-authentication-library-for-dotnet#5486
Remove dupe ropc b2c tests by @gladjohn in Remove dupe ropc b2c tests AzureAD/microsoft-authentication-library-for-dotnet#5487
Revert changes made for Http2 by @neha-bhargava in Revert changes made for Http2 AzureAD/microsoft-authentication-library-for-dotnet#5462

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.77.0...4.77.1

4.77.0

Features

Added WinUI 3 support for Desktop Broker flows. Implement WinUI3 support for Desktop package AzureAD/microsoft-authentication-library-for-dotnet#5411
Introduced extensibility API to allow users to add custom HTTP headers to token acquisition requests (under extensibility). Introduces the extensibility API to allow users to add custom HTTP headers to token acquisition requests (under extensibility) AzureAD/microsoft-authentication-library-for-dotnet#5440

Changes

Remove passing x-client-os as a query parameter in the authorization URI. Remove passing x-client-os as query param in authorization uri AzureAD/microsoft-authentication-library-for-dotnet#5456
Bump Microsoft.IdentityModel.Abstractions to a supported version. Bump Microsoft.IdentityModel.Abstractions as current version is out o… AzureAD/microsoft-authentication-library-for-dotnet#5452

Bug fixes

Remove confusing error text as it only applies to one of many possible causes. Remove confusing error text as it only applies to one of many possible causes AzureAD/microsoft-authentication-library-for-dotnet#5467

4.76.0 What's Changed

Removal of ExperimentalFeatures flag on WithMtlsProofOfPossession API: by @gladjohn in Removal of ExperimentalFeatures flag on WithMtlsProofOfPossession API: AzureAD/microsoft-authentication-library-for-dotnet#5402
#5400 Fixing issue that leads to multiple active access tokens in the cache for non-tenanted oidc authority by @andkorsh in #5400 Fixing issue that leads to multiple active access tokens in the cache for non-tenanted oidc authority AzureAD/microsoft-authentication-library-for-dotnet#5401
Add Service Fabric token revocation support by @gladjohn in Add Service Fabric token revocation support AzureAD/microsoft-authentication-library-for-dotnet#5421
Update NativeInterop package version to 0.19.4 by @ashok672 in Update NativeInterop package version to 0.19.4 AzureAD/microsoft-authentication-library-for-dotnet#5434
Adding WithExtraBodyParameters api by @trwalke in Adding WithExtraBodyParameters api AzureAD/microsoft-authentication-library-for-dotnet#5389
Enable mTLS Proof‑of‑Possession for Client‑Assertion Delegates by @gladjohn in Enable mTLS Proof‑of‑Possession for Client‑Assertion Delegates AzureAD/microsoft-authentication-library-for-dotnet#5409

New Contributors

@andkorsh made their first contribution in #5400 Fixing issue that leads to multiple active access tokens in the cache for non-tenanted oidc authority AzureAD/microsoft-authentication-library-for-dotnet#5401

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.74.1...4.76.0

4.74.1

Bug fixes

When you configure MSAL with WithOidcAuthority(), the library now confirms that the issuer returned by the OIDC discovery endpoint matches the expected authority (including CIAM patterns) and throws an exception if it does not. Add issuer validation when making call to OIDC endpoint AzureAD/microsoft-authentication-library-for-dotnet#5358
Re-expose public AuthenticationResult constructor. A public, test-friendly constructor of AuthenticationResult was inadvertently hidden behind [Obsolete] and [EditorBrowsable(Never)]. The constructor is now publicly available again. [Bug] AuthenticationResult has no public constructor AzureAD/microsoft-authentication-library-for-dotnet#5392

4.74.0

Features

Deprecate ROPC flow in Public Client Applications Deprecate ROPC flow AzureAD/microsoft-authentication-library-for-dotnet#5355.
AuthenticationResult exposes a new BindingCertificate property that returns the X.509 certificate bound to the access token in mTLS-PoP scenarios. [Feature Request] Return mTLS Client certificate as part of the AuthenticationResult AzureAD/microsoft-authentication-library-for-dotnet#5370.

Bug fixes

MSAL now honors the DEFAULT_IDENTITY_CLIENT_ID environment variable when acquiring tokens from Azure Machine Learning managed-identity endpoint. [Feature Request] Support for new Azure ML Managed Identity AzureAD/microsoft-authentication-library-for-dotnet#5350.

4.73.1 What's Changed

Deprecate AcquireTokenByIntegratedWindowsAuth API by @ashok672 in Deprecate AcquireTokenByIntegratedWindowsAuth API AzureAD/microsoft-authentication-library-for-dotnet#5345
Update native interop to 0.19.2 by @fengga in Update native interop to 0.19.2 AzureAD/microsoft-authentication-library-for-dotnet#5362
update the deprecated openURL(:) api to openURL(:options:completionHandler) by @DharshanBJ in update the deprecated openURL(:) api to openURL(:options:completionHandler) AzureAD/microsoft-authentication-library-for-dotnet#5354

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.73.0...4.73.1

4.73.0 What's Changed

Add mac broker console app support by @fengga in Add mac broker console app support AzureAD/microsoft-authentication-library-for-dotnet#5274
Use HTTP 2 on .NET where possible by @bgavrilMS in Use HTTP 2 on .NET AzureAD/microsoft-authentication-library-for-dotnet#5314
Expose access token cache count by @bgavrilMS in Expose access token cache count AzureAD/microsoft-authentication-library-for-dotnet#5330
Add an extensibility API - WithFmiPathForClientAssertion … by @bgavrilMS in Fix #5342 - add an extensibility API - WithFmiPathForClientAssertion … AzureAD/microsoft-authentication-library-for-dotnet#5347
Hide ListOperatingSystemAccounts in intellisense by @ashok672 in Hide ListOperatingSystemAccounts in intellisense AzureAD/microsoft-authentication-library-for-dotnet#5304
Reworked retry policy functionality & Created IMDS retry policy by @Robbie-Microsoft in Reworked retry policy functionality & Created IMDS retry policy AzureAD/microsoft-authentication-library-for-dotnet#5231

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.72.1...4.73.0

4.72.1

Bug Fixes

Ensure instance of IMsalHttpClientFactory passed by the user is used for managed identity flows that do not require cert validation. See Issue #5286
Fix a URL typo in the API comments. See [Engineering task] fix typo microsfoftonline AzureAD/microsoft-authentication-library-for-dotnet#5277

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.72.0...4.72.1

4.72.0

Features

Added MacOs Broker support. See Issue #5051

Bug Fixes

Ensure additional cache parameters are persisted in cache serializationIssue #5261

4.71.1

Bug Fixes

Pass the validate function to the http manager. See Issue #5242
Change the resource id param for IMDS. See Issue #5238

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.71.0...4.71.1

4.71.0

Bug Fixes

Enable the Service Fabric flow to get a httpClient from the factory with ssl validation callback. See Issue #5220

Full changelog: 4.70.2 .. 4.71.0

4.70.2 What's Changed

Updated MSIv1 Token Revocation's token_sha256_to_refresh param to use sha256's HEX representation by @gladjohn in Update MSIv1 Token Revocation's token_sha256_to_refresh param to use sha256's HEX representation AzureAD/microsoft-authentication-library-for-dotnet#5229

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.70.1...4.70.2

4.70.1 What's Changed

Fix Machine Learning Source to Use "clientid" Instead of "client_id" by @gladjohn in Fix Machine Learning Source to Use "clientid" Instead of "client_id" AzureAD/microsoft-authentication-library-for-dotnet#5193
Fixing IsCommonOrOrganizationsTenant check to not return true for consumers by @trwalke in Fixing IsCommonOrOrganizationsTenant check to not return true for consumers AzureAD/microsoft-authentication-library-for-dotnet#5195
Fix logger message to accurately reflect skipCache condition by @gladjohn in Fix logger message to accurately reflect skipCache condition AzureAD/microsoft-authentication-library-for-dotnet#5201
Removing experimental feature Flag from WithFmiPath by @trwalke in Removing experimental feature Flag from WithFmiPath AzureAD/microsoft-authentication-library-for-dotnet#5206
Fix for 5223 - env var to disable ESTS-R by @bgavrilMS in Fix for 5223 - env var to disable ESTS-R AzureAD/microsoft-authentication-library-for-dotnet#5224

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.70.0...4.70.1

4.70.0

Features

Added a .WithAccessTokenSha256ToRefresh() method to AcquireTokenForClientParameterBuilder for ConfidentialClientApplication, allowing finer control over token refresh scenarios. Issue #5111, PR #5179
Added TokenCacheNotificationArgs.NoDistributedCacheUseReason in order to indicate that the configured serialized cache should not be a distributed cache to prevent issues when acquiring tokens. Issue #5199

Bug Fixes

Removed invalid tenant checks (/organizations or /common) in MTLS flows for AAD/dSTS authorities. Issue #5093
Fixed an issue where specifying a null service config region in MTLS scenarios did not correctly throw an exception. Issue #5181

4.69.1

Features

Enabled broker support on the Linux platform. See Issue #5086
Added a WithCertificate(..., bool associateTokensWithCertificateSerialNumber) overload to enable the use of the certificate's serial number as part of the cache key for tokens. Issue #5150

Bug Fixes

MSAL will now stop replacing "%20" with "+" since it is obsolete. See Issue #5061
Exposed client capabilities in AssertionRequestOptions for MSI FIC scenarios Issue #4948
Added the missing claims in SignedAssertion when using the AssertionRequestOptions Delegate Issue #5143

4.68.0

Features

Added WithFmiPath() api to support FMI scenarios in MSAL. See Issue #5110
MSAL will now pass Client sku and Version to MsalRuntime for MSAL Runtime's client telemetry. See Issue #5103

Bug Fixes

Reordered the condition for ManagedIdentitySource.MachineLearning to be checked after ManagedIdentitySource.AppService instead of before it. See Issue #5077
Improved Managed Identity Source Detection Logging for Debugging. See Issue #5097
When a 404 error occurs, MSAL will now include the endpoint and authority URLs in the exception message for better debugging. See Issue #4769
MSAL will now set UseShellExecute to false in OpenLinuxBrowser. See Issue #5075
Fixed a threading exception when using ExtraQueryParameters. See Issue #5108

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot · 2026-01-12T09:34:48Z

Labels

The following labels could not be found: dependencies, nuget. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

…tensions.Msal Bumps Microsoft.Identity.Client from 4.67.2 to 4.81.0 Bumps Microsoft.Identity.Client.Extensions.Msal from 4.67.2 to 4.81.0 --- updated-dependencies: - dependency-name: Microsoft.Identity.Client dependency-version: 4.81.0 dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: Microsoft.Identity.Client.Extensions.Msal dependency-version: 4.81.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

joshsmithxrm · 2026-01-14T14:41:46Z

Included in docs/cleanup-staging branch (commit b13ffb6)

dependabot · 2026-01-14T14:41:50Z

OK, I won't notify you again about this release, but will get in touch when a new version is available. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

github-project-automation bot added this to PPDS Roadmap Jan 12, 2026

github-project-automation bot moved this to Todo in PPDS Roadmap Jan 12, 2026

dependabot bot mentioned this pull request Jan 12, 2026

deps: Bump Microsoft.Identity.Client from 4.67.2 to 4.81.0 #480

Closed

dependabot bot had a problem deploying to test-dataverse January 12, 2026 09:34 Failure

dependabot bot force-pushed the dependabot/nuget/src/PPDS.Auth/multi-b43ee55e40 branch from a15366c to dc4a426 Compare January 12, 2026 16:15

dependabot bot had a problem deploying to test-dataverse January 12, 2026 16:15 Failure

joshsmithxrm closed this Jan 14, 2026

github-project-automation bot moved this from Todo to Done in PPDS Roadmap Jan 14, 2026

dependabot bot deleted the dependabot/nuget/src/PPDS.Auth/multi-b43ee55e40 branch January 14, 2026 14:41

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

deps: Bump Microsoft.Identity.Client and Microsoft.Identity.Client.Extensions.Msal #481

deps: Bump Microsoft.Identity.Client and Microsoft.Identity.Client.Extensions.Msal #481

Uh oh!

dependabot bot commented on behalf of github Jan 12, 2026 •

edited

Loading

Uh oh!

dependabot bot commented on behalf of github Jan 12, 2026

Uh oh!

joshsmithxrm commented Jan 14, 2026

Uh oh!

dependabot bot commented on behalf of github Jan 14, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

deps: Bump Microsoft.Identity.Client and Microsoft.Identity.Client.Extensions.Msal #481

deps: Bump Microsoft.Identity.Client and Microsoft.Identity.Client.Extensions.Msal #481

Uh oh!

Conversation

dependabot bot commented on behalf of github Jan 12, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

4.81.0

What's Changed

4.80.0

Features

Changes

Bug Fixes

4.79.2

What's Changed

4.79.0

What's Changed

4.78.0

Changes

Bug Fixes

4.77.1

What's Changed

4.77.0

Features

Changes

Bug fixes

4.76.0

What's Changed

New Contributors

4.74.1

Bug fixes

4.74.0

Features

Bug fixes

4.73.1

What's Changed

4.73.0

What's Changed

4.72.1

4.72.1

Bug Fixes

4.72.0

4.72.0

Features

Bug Fixes

4.71.1

Bug Fixes

4.71.0

Bug Fixes

4.70.2

What's Changed

4.70.1

What's Changed

4.70.0

Features

Bug Fixes

4.69.1

4.69.1

Features

Bug Fixes

4.68.0

Features

Bug Fixes

4.81.0

What's Changed

4.80.0

Features

Changes

Bug Fixes

4.79.2

What's Changed

4.79.0

What's Changed

4.78.0

Changes

Bug Fixes

4.77.1

What's Changed

4.77.0

Features

dependabot bot commented on behalf of github Jan 12, 2026 •

edited

Loading