Azure/azure-sdk-for-net (Azure.Identity)
### [`v1.10.2`](https://togithub.com/Azure/azure-sdk-for-net/releases/tag/Azure.Identity_1.10.2)
##### 1.10.2 (2023-10-10)
##### Bugs Fixed
- Bug fixes for development time credentials.
### [`v1.10.1`](https://togithub.com/Azure/azure-sdk-for-net/releases/tag/Azure.Identity_1.10.1)
#### 1.10.1 (2023-09-12)
##### Bugs Fixed
- `ManagedIdentityCredential` will fall through to the next credential in the chain in the case that Docker Desktop returns a 403 response when attempting to access the IMDS endpoint. [#38218](https://togithub.com/Azure/azure-sdk-for-net/issues/38218)
- Fixed an issue where interactive credentials would still prompt on the first GetToken request even when the cache is populated and an AuthenticationRecord is provided. [#38431](https://togithub.com/Azure/azure-sdk-for-net/issues/38431)
### [`v1.10.0`](https://togithub.com/Azure/azure-sdk-for-net/releases/tag/Azure.Identity_1.10.0)
#### 1.10.0 (2023-08-14)
##### Features Added
- Added `BrowserCustomization` property to `InteractiveBrowserCredential` to enable web view customization for interactive authentication.
##### Bugs Fixed
- ManagedIdentityCredential will no longer attempt to parse invalid json payloads on responses from the managed identity endpoint.
- Fixed an issue where AzurePowerShellCredential fails to parse the token response from Azure PowerShell. [#22638](https://togithub.com/Azure/azure-sdk-for-net/issues/22638)
### [`v1.9.0`](https://togithub.com/Azure/azure-sdk-for-net/releases/tag/Azure.Identity_1.9.0)
#### 1.9.0 (2023-05-09)
##### Breaking Changes
- Changed visibility of all environment variable based properties on `EnvironmentCredentialOptions` to internal. These options are again only configurable via environment variables.
### [`v1.8.2`](https://togithub.com/Azure/azure-sdk-for-net/releases/tag/Azure.Identity_1.8.2)
#### 1.8.2 (2023-02-08)
##### Bugs Fixed
- Fixed error message parsing in `AzurePowerShellCredential` which would misinterpret AAD errors with the need to install PowerShell. [#31998](https://togithub.com/Azure/azure-sdk-for-net/issues/31998)
- Fix regional endpoint validation error when using `ManagedIdentityCredential`. \[[#32498](https://togithub.com/Azure/azure-sdk-for-net/issues/32498)])([https://github.com/Azure/azure-sdk-for-net/issues/32498](https://togithub.com/Azure/azure-sdk-for-net/issues/32498))
### [`v1.8.1`](https://togithub.com/Azure/azure-sdk-for-net/releases/tag/Azure.Identity_1.8.1)
#### 1.8.1 (2023-01-13)
##### Bugs Fixed
- Fixed an issue when using `ManagedIdentityCredential` in combination with authorities other than Azure public cloud that resulted in a incorrect instance metadata validation error. [#32498](https://togithub.com/Azure/azure-sdk-for-net/issues/32498)
### [`v1.8.0`](https://togithub.com/Azure/azure-sdk-for-net/releases/tag/Azure.Identity_1.8.0)
#### 1.8.0 (2022-11-08)
##### Bugs Fixed
- Fixed error message parsing in `AzureCliCredential` which would misinterpret AAD errors with the need to login with `az login`. [#26894](https://togithub.com/Azure/azure-sdk-for-net/issues/26894), [#29109](https://togithub.com/Azure/azure-sdk-for-net/issues/29109)
- `ManagedIdentityCredential` will no longer fail when a response received from the endpoint is invalid JSON. It now treats this scenario as if the credential is unavailable. [#30467](https://togithub.com/Azure/azure-sdk-for-net/issues/30467), [#32061](https://togithub.com/Azure/azure-sdk-for-net/issues/32061)
### [`v1.7.0`](https://togithub.com/Azure/azure-sdk-for-net/releases/tag/Azure.Identity_1.7.0)
#### 1.7.0 (2022-09-19)
##### Features Added
- Added `AdditionallyAllowedTenants` to the following credential options to force explicit opt-in behavior for multi-tenant authentication:
- `AuthorizationCodeCredentialOptions`
- `AzureCliCredentialOptions`
- `AzurePowerShellCredentialOptions`
- `ClientAssertionCredentialOptions`
- `ClientCertificateCredentialOptions`
- `ClientSecretCredentialOptions`
- `DefaultAzureCredentialOptions`
- `OnBehalfOfCredentialOptions`
- `UsernamePasswordCredentialOptions`
- `VisualStudioCodeCredentialOptions`
- `VisualStudioCredentialOptions`
- Added `TenantId` to `DefaultAzureCredentialOptions` to avoid having to set `InteractiveBrowserTenantId`, `SharedTokenCacheTenantId`, `VisualStudioCodeTenantId`, and `VisualStudioTenantId` individually.
##### Bugs Fixed
- Fixed overly restrictive scope validation to allow the '\_' character, for common scopes such as `user_impersonation` [#30647](https://togithub.com/Azure/azure-sdk-for-net/issues/30647)
##### Breaking Changes
- Credential types supporting multi-tenant authentication will now throw `AuthenticationFailedException` if the requested tenant ID doesn't match the credential's tenant ID, and is not included in the `AdditionallyAllowedTenants` option. Applications must now explicitly add additional tenants to the `AdditionallyAllowedTenants` list, or add '\*' to list, to enable acquiring tokens from tenants other than the originally specified tenant ID. See [BREAKING_CHANGES.md](https://togithub.com/Azure/azure-sdk-for-net/blob/main/sdk/identity/Azure.Identity/BREAKING_CHANGES.md#170).
- `ManagedIdentityCredential` token caching added in 1.7.0-beta.1 has been removed from this release and will be added back in 1.8.0-beta.1
### [`v1.6.1`](https://togithub.com/Azure/azure-sdk-for-net/releases/tag/Azure.Identity_1.6.1)
#### 1.6.1 (2022-08-08)
##### Bugs Fixed
- Fixed `AZURE_REGIONAL_AUTHORITY_NAME` support in `ClientCertificateCredential` [#29112](https://togithub.com/Azure/azure-sdk-for-net/issues/29112)
- Fixed regression in `SharedTokenCacheCredential` default behavior [#28029](https://togithub.com/Azure/azure-sdk-for-net/issues/28029)
- Fixed legacy PowerShell discovery failures [#28030](https://togithub.com/Azure/azure-sdk-for-net/issues/28030) (A community contribution, courtesy of *[nerddtvg](https://togithub.com/nerddtvg)*)
##### Other Changes
- Documentation improvements to `TokenCacheRefreshArgs` and `EnvironmentCredential` (Community contributions, courtesy of *[pmaytak](https://togithub.com/pmaytak)* and *[goenning](https://togithub.com/goenning)*)
##### Acknowledgments
Thank you to our developer community members who helped to make Azure Identity better with their contributions to this release:
- *[nerddtvg](https://togithub.com/nerddtvg)*
- *[pmaytak](https://togithub.com/pmaytak)*
- *[goenning](https://togithub.com/goenning)*
### [`v1.6.0`](https://togithub.com/Azure/azure-sdk-for-net/releases/tag/Azure.Identity_1.6.0)
#### 1.6.0 (2022-04-05)
##### Features Added
- Added a new property under the `Diagnostics` options available on `TokenCredentialOptions` and all sub-types. If set to `true`, we try to log the account identifiers by parsing the received access token. The account identifiers we try to log are the:
- Application or Client Identifier
- User Principal Name
- Tenant Identifier
- Object Identifier of the authenticated user or app
- `ManagedIdentityCredential` now attempts to use the newest "2019-08-01" api version for App Service Managed Identity sources. The newer API version will be used if the `IDENTITY_ENDPOINT` and `IDENTITY_HEADER` environment variables are set.
##### Bugs Fixed
- Fixed an issue where the x5c header is not sent for `OnBehalfOfCredential` when the `SendCertificateChain` option is set. [#27679](https://togithub.com/Azure/azure-sdk-for-net/issues/27679)
### [`v1.5.0`](https://togithub.com/Azure/azure-sdk-for-net/releases/tag/Azure.Identity_1.5.0)
#### 1.5.0 (2021-10-14)
##### Breaking Changes from 1.5.0-beta.4
- The `AllowMultiTenantAuthentication` option has been removed and the default behavior is now as if it were true. The multi-tenant discovery feature can be totally disabled by either setting an `AppContext` switch named "Azure.Identity.DisableTenantDiscovery" to `true` or by setting the environment variable "AZURE_IDENTITY_DISABLE_MULTITENANTAUTH" to "true".
- Removed the `IsPIILoggingEnabled` property from `TokenCredentialOptions`, similar functionality is planned to be added to `TokenCredentialOptions.Diagnostics` in a later release.
- Removed `RegionalAuthority` from `ClientCertificateCredentialOptions` and `ClientSecretCredentialOptions`, along with the `RegionalAuthority` type. This feature will stay in preview, and these APIs will be added back in `1.6.0-beta.1`.
- Renamed struct `TokenCacheDetails` to `TokenCacheData`.
- Renamed class `TokenCacheNotificationDetails` to `TokenCacheRefreshArgs`.
- Updated `CacheBytes` property on `TokenCacheData` to be readonly and a required constructor parameter.
##### Bugs Fixed
- Fixed issue with `AuthorizationCodeCredential` not specifying correct redirectUrl (Issue [#24183](https://togithub.com/Azure/azure-sdk-for-net/issues/24183))
##### Other Changes
- Updated error messages to include links to the Azure.Identity troubleshooting guide.
### [`v1.4.1`](https://togithub.com/Azure/azure-sdk-for-net/releases/tag/Azure.Identity_1.4.1)
#### 1.4.1 (2021-08-04)
##### Fixes and improvements
- Fixed issue resulting in duplicate event source names when executing in Azure Functions
### [`v1.4.0`](https://togithub.com/Azure/azure-sdk-for-net/releases/tag/Azure.Identity_1.4.0)
#### 1.4.0 (2021-05-12)
##### New Features
- By default, the MSAL Public Client Client Capabilities are populated with "CP1" to enable support for [Continuous Access Evaluation (CAE)](https://docs.microsoft.com/azure/active-directory/develop/app-resilience-continuous-access-evaluation).
This indicates to AAD that your application is CAE ready and can handle the CAE claim challenge. This capability can be disabled, if necessary, by either setting an `AppContext` switch named "Azure.Identity.DisableCP1" to `true` or by setting the environment variable;
"AZURE_IDENTITY_DISABLE_CP1" to "true". Note: AppContext switches can also be configured via configuration like below:
```xml
```
##### Fixes and improvements
- The Microsoft Authentication Library (MSAL) dependency versions have been updated to the latest
- Microsoft.Identity.Client version 4.30.1, Microsoft.Identity.Client.Extensions.Msal version 2.18.4.
[ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates:
1.3.0->1.10.2By merging this PR, the below issues will be automatically resolved and closed:
Release Notes
Azure/azure-sdk-for-net (Azure.Identity)
### [`v1.10.2`](https://togithub.com/Azure/azure-sdk-for-net/releases/tag/Azure.Identity_1.10.2) ##### 1.10.2 (2023-10-10) ##### Bugs Fixed - Bug fixes for development time credentials. ### [`v1.10.1`](https://togithub.com/Azure/azure-sdk-for-net/releases/tag/Azure.Identity_1.10.1) #### 1.10.1 (2023-09-12) ##### Bugs Fixed - `ManagedIdentityCredential` will fall through to the next credential in the chain in the case that Docker Desktop returns a 403 response when attempting to access the IMDS endpoint. [#38218](https://togithub.com/Azure/azure-sdk-for-net/issues/38218) - Fixed an issue where interactive credentials would still prompt on the first GetToken request even when the cache is populated and an AuthenticationRecord is provided. [#38431](https://togithub.com/Azure/azure-sdk-for-net/issues/38431) ### [`v1.10.0`](https://togithub.com/Azure/azure-sdk-for-net/releases/tag/Azure.Identity_1.10.0) #### 1.10.0 (2023-08-14) ##### Features Added - Added `BrowserCustomization` property to `InteractiveBrowserCredential` to enable web view customization for interactive authentication. ##### Bugs Fixed - ManagedIdentityCredential will no longer attempt to parse invalid json payloads on responses from the managed identity endpoint. - Fixed an issue where AzurePowerShellCredential fails to parse the token response from Azure PowerShell. [#22638](https://togithub.com/Azure/azure-sdk-for-net/issues/22638) ### [`v1.9.0`](https://togithub.com/Azure/azure-sdk-for-net/releases/tag/Azure.Identity_1.9.0) #### 1.9.0 (2023-05-09) ##### Breaking Changes - Changed visibility of all environment variable based properties on `EnvironmentCredentialOptions` to internal. These options are again only configurable via environment variables. ### [`v1.8.2`](https://togithub.com/Azure/azure-sdk-for-net/releases/tag/Azure.Identity_1.8.2) #### 1.8.2 (2023-02-08) ##### Bugs Fixed - Fixed error message parsing in `AzurePowerShellCredential` which would misinterpret AAD errors with the need to install PowerShell. [#31998](https://togithub.com/Azure/azure-sdk-for-net/issues/31998) - Fix regional endpoint validation error when using `ManagedIdentityCredential`. \[[#32498](https://togithub.com/Azure/azure-sdk-for-net/issues/32498)])([https://github.com/Azure/azure-sdk-for-net/issues/32498](https://togithub.com/Azure/azure-sdk-for-net/issues/32498)) ### [`v1.8.1`](https://togithub.com/Azure/azure-sdk-for-net/releases/tag/Azure.Identity_1.8.1) #### 1.8.1 (2023-01-13) ##### Bugs Fixed - Fixed an issue when using `ManagedIdentityCredential` in combination with authorities other than Azure public cloud that resulted in a incorrect instance metadata validation error. [#32498](https://togithub.com/Azure/azure-sdk-for-net/issues/32498) ### [`v1.8.0`](https://togithub.com/Azure/azure-sdk-for-net/releases/tag/Azure.Identity_1.8.0) #### 1.8.0 (2022-11-08) ##### Bugs Fixed - Fixed error message parsing in `AzureCliCredential` which would misinterpret AAD errors with the need to login with `az login`. [#26894](https://togithub.com/Azure/azure-sdk-for-net/issues/26894), [#29109](https://togithub.com/Azure/azure-sdk-for-net/issues/29109) - `ManagedIdentityCredential` will no longer fail when a response received from the endpoint is invalid JSON. It now treats this scenario as if the credential is unavailable. [#30467](https://togithub.com/Azure/azure-sdk-for-net/issues/30467), [#32061](https://togithub.com/Azure/azure-sdk-for-net/issues/32061) ### [`v1.7.0`](https://togithub.com/Azure/azure-sdk-for-net/releases/tag/Azure.Identity_1.7.0) #### 1.7.0 (2022-09-19) ##### Features Added - Added `AdditionallyAllowedTenants` to the following credential options to force explicit opt-in behavior for multi-tenant authentication: - `AuthorizationCodeCredentialOptions` - `AzureCliCredentialOptions` - `AzurePowerShellCredentialOptions` - `ClientAssertionCredentialOptions` - `ClientCertificateCredentialOptions` - `ClientSecretCredentialOptions` - `DefaultAzureCredentialOptions` - `OnBehalfOfCredentialOptions` - `UsernamePasswordCredentialOptions` - `VisualStudioCodeCredentialOptions` - `VisualStudioCredentialOptions` - Added `TenantId` to `DefaultAzureCredentialOptions` to avoid having to set `InteractiveBrowserTenantId`, `SharedTokenCacheTenantId`, `VisualStudioCodeTenantId`, and `VisualStudioTenantId` individually. ##### Bugs Fixed - Fixed overly restrictive scope validation to allow the '\_' character, for common scopes such as `user_impersonation` [#30647](https://togithub.com/Azure/azure-sdk-for-net/issues/30647) ##### Breaking Changes - Credential types supporting multi-tenant authentication will now throw `AuthenticationFailedException` if the requested tenant ID doesn't match the credential's tenant ID, and is not included in the `AdditionallyAllowedTenants` option. Applications must now explicitly add additional tenants to the `AdditionallyAllowedTenants` list, or add '\*' to list, to enable acquiring tokens from tenants other than the originally specified tenant ID. See [BREAKING_CHANGES.md](https://togithub.com/Azure/azure-sdk-for-net/blob/main/sdk/identity/Azure.Identity/BREAKING_CHANGES.md#170). - `ManagedIdentityCredential` token caching added in 1.7.0-beta.1 has been removed from this release and will be added back in 1.8.0-beta.1 ### [`v1.6.1`](https://togithub.com/Azure/azure-sdk-for-net/releases/tag/Azure.Identity_1.6.1) #### 1.6.1 (2022-08-08) ##### Bugs Fixed - Fixed `AZURE_REGIONAL_AUTHORITY_NAME` support in `ClientCertificateCredential` [#29112](https://togithub.com/Azure/azure-sdk-for-net/issues/29112) - Fixed regression in `SharedTokenCacheCredential` default behavior [#28029](https://togithub.com/Azure/azure-sdk-for-net/issues/28029) - Fixed legacy PowerShell discovery failures [#28030](https://togithub.com/Azure/azure-sdk-for-net/issues/28030) (A community contribution, courtesy of *[nerddtvg](https://togithub.com/nerddtvg)*) ##### Other Changes - Documentation improvements to `TokenCacheRefreshArgs` and `EnvironmentCredential` (Community contributions, courtesy of *[pmaytak](https://togithub.com/pmaytak)* and *[goenning](https://togithub.com/goenning)*) ##### Acknowledgments Thank you to our developer community members who helped to make Azure Identity better with their contributions to this release: - *[nerddtvg](https://togithub.com/nerddtvg)* - *[pmaytak](https://togithub.com/pmaytak)* - *[goenning](https://togithub.com/goenning)* ### [`v1.6.0`](https://togithub.com/Azure/azure-sdk-for-net/releases/tag/Azure.Identity_1.6.0) #### 1.6.0 (2022-04-05) ##### Features Added - Added a new property under the `Diagnostics` options available on `TokenCredentialOptions` and all sub-types. If set to `true`, we try to log the account identifiers by parsing the received access token. The account identifiers we try to log are the: - Application or Client Identifier - User Principal Name - Tenant Identifier - Object Identifier of the authenticated user or app - `ManagedIdentityCredential` now attempts to use the newest "2019-08-01" api version for App Service Managed Identity sources. The newer API version will be used if the `IDENTITY_ENDPOINT` and `IDENTITY_HEADER` environment variables are set. ##### Bugs Fixed - Fixed an issue where the x5c header is not sent for `OnBehalfOfCredential` when the `SendCertificateChain` option is set. [#27679](https://togithub.com/Azure/azure-sdk-for-net/issues/27679) ### [`v1.5.0`](https://togithub.com/Azure/azure-sdk-for-net/releases/tag/Azure.Identity_1.5.0) #### 1.5.0 (2021-10-14) ##### Breaking Changes from 1.5.0-beta.4 - The `AllowMultiTenantAuthentication` option has been removed and the default behavior is now as if it were true. The multi-tenant discovery feature can be totally disabled by either setting an `AppContext` switch named "Azure.Identity.DisableTenantDiscovery" to `true` or by setting the environment variable "AZURE_IDENTITY_DISABLE_MULTITENANTAUTH" to "true". - Removed the `IsPIILoggingEnabled` property from `TokenCredentialOptions`, similar functionality is planned to be added to `TokenCredentialOptions.Diagnostics` in a later release. - Removed `RegionalAuthority` from `ClientCertificateCredentialOptions` and `ClientSecretCredentialOptions`, along with the `RegionalAuthority` type. This feature will stay in preview, and these APIs will be added back in `1.6.0-beta.1`. - Renamed struct `TokenCacheDetails` to `TokenCacheData`. - Renamed class `TokenCacheNotificationDetails` to `TokenCacheRefreshArgs`. - Updated `CacheBytes` property on `TokenCacheData` to be readonly and a required constructor parameter. ##### Bugs Fixed - Fixed issue with `AuthorizationCodeCredential` not specifying correct redirectUrl (Issue [#24183](https://togithub.com/Azure/azure-sdk-for-net/issues/24183)) ##### Other Changes - Updated error messages to include links to the Azure.Identity troubleshooting guide. ### [`v1.4.1`](https://togithub.com/Azure/azure-sdk-for-net/releases/tag/Azure.Identity_1.4.1) #### 1.4.1 (2021-08-04) ##### Fixes and improvements - Fixed issue resulting in duplicate event source names when executing in Azure Functions ### [`v1.4.0`](https://togithub.com/Azure/azure-sdk-for-net/releases/tag/Azure.Identity_1.4.0) #### 1.4.0 (2021-05-12) ##### New Features - By default, the MSAL Public Client Client Capabilities are populated with "CP1" to enable support for [Continuous Access Evaluation (CAE)](https://docs.microsoft.com/azure/active-directory/develop/app-resilience-continuous-access-evaluation). This indicates to AAD that your application is CAE ready and can handle the CAE claim challenge. This capability can be disabled, if necessary, by either setting an `AppContext` switch named "Azure.Identity.DisableCP1" to `true` or by setting the environment variable; "AZURE_IDENTITY_DISABLE_CP1" to "true". Note: AppContext switches can also be configured via configuration like below: ```xml