search

AzureAD / microsoft-identity-web

Helps creating protected web apps and web APIs with Microsoft identity platform and Azure AD B2C
MIT License
684 stars 217 forks source link

Undocumented breaking change with ClientAssertionProviderBase's GetSignedAssertion => GetSignedAssertionAsync #3101

Closed okonaraddi-msft closed 3 weeks ago

okonaraddi-msft commented 1 month ago

Microsoft.Identity.Web Library

Microsoft.Identity.Web.CertificateLess

Microsoft.Identity.Web version

3.2.2

Web app

Not Applicable

Web API

Not Applicable

Token cache serialization

Not Applicable

Description

It looks like there was a breaking change when the public API here was changed https://github.com/AzureAD/microsoft-identity-web/commit/3d33ee3a0d86cc3d2882e8563e38a10995fcf2fc and it appears to have been intentional. I couldn't find this in the release notes. I believe it's part of v3.2.2. Could you please document this public API change? Additionally, are there any breaking changes to the functionality?

We depend on a combination of tests and release notes documenting breaking changes to determine whether a package update was safe. There are other breaking changes already documented in the release notes so this may have just been a one-off omission.

Reproduction steps

Updating from v2.20.0 to v3.2.2 will break usage of ClientAssertionProviderBase.GetSignedAssertion because it doesn't exist anymore.

Error message

No response

Id Web logs

No response

Relevant code snippets

var m = new ManagedIdentityClientAssertion("<some client id>");
m.GetSignedAssertion(CancellationToken.None); // this method will break on v3.2.2

Regression

No response

Expected behavior

Expected to see change in Public API documented in release notes as a breaking change.

jmprieur commented 3 weeks ago

https://github.com/AzureAD/microsoft-identity-web/pull/3116