changelog.txt

Version 5.2.9
=============
Enhancements:
**This release updates some .NET dependencies to a newer version.**

Version 5.2.7
=============
Bug Fixes:
**Starting in ADAL.NET version 4.0.0, for ADFS, the string literal `/adfs/` was getting dropped from the authority url.** This caused the endpoints to be incorrect for ADFS. This [issue](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/1693) has been resolved.

Version 5.2.6
=============
Bug Fixes:
**Due to incorrect parameters sent in brokered authentication requests on Android, the broker may fail to sign the user in silently.** ADAL.NET now sends the correct parameters during brokered authentication on Android. [Issue](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/1687)

Version 5.2.5
=============
Bug Fixes:
**Due to network timeouts, hitting the instance discovery endpoint may time out.** ADAL.NET now returns a more explicit error message. [Issue](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/1662)
**On iOS 13, the `IsBrokerResponse` method can return true if `SourceApplication` is null, which later resulted in a null ref on non-broker related calls**. ADAL.NET now checks the `openUrl` is a broker response before proceeding. [Issue](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/1673)
**On Android with embedded webview, when setting up the password reset, the security information drop boxes were not active**. ADAL.NET now uses the correct Activity context in the embedded webview. [Issue](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/1684)

Version 5.2.4
=============
New Features:
**ADAL .NET now stores the application token returned from the iOS broker (Authenticator)**. This may result in the user experiencing less prompts. [Issue](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/1657)

Version 5.2.3
==============
Bug Fixes:
- **Customers reported issues signing in with the Authenticator App on iOS devices < 13 with ADAL.NET**. The issue has been resolved and increased logging included in the iOS broker scenario. See [issue](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/1666) for more details.

Version 5.2.2
==============
Bug Fixes:
- **Ensures that ADAL.NET works with brokers on iOS 13**. On iOS 13, the iOS broker, may or may not return the source application, which will be used by ADAL.NET to verify that the response is coming from the iOS broker. To maintain secure calls, ADAL.NET will now also create a nonce to send in the broker request and will verify the same nonce is returned in the broker response in the case of a missing source application. [Issue](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/1642)

Version 5.2.1
==============
Bug fix:
- **When using integrated Windows authentication in hybrid environments, managed (cloud) users were not able to sign-in.** Now, ADAL.NET sends the correct header information to enable seamless SSO in hybrid environments for managed users.
Additional info: 
[MSDOCS on Seamless SSO](https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso)
[Seamless SSO Wiki] (https://aka.ms/adal-seamless-sso)
[Integrated Windows Auth Wiki](https://aka.ms/adal-iwa)
[Issue 1478](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/1478)

Version 5.2.0
==============
Bug fix:
- **For Web Apps and Web APIs, we recommend the serialization of one cache per account, as noted in the [wiki](https://aka.ms/adal-net-cache-serialization-web-app-web-api). If this recommendation was not followed, starting in ADAL.NET Version 5.0.0-preview, some scenarios involving the On-Behalf-Of flow and specific use cases of the UserAssertion, could result in an elevation of privilege in specific problem scenarios**. ADAL.NET now skips the MSAL.NET shared cache look up for On-Behalf-Of scenarios. Please refer to the [CVE-2019-1258](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1258) for more details.

Version 5.1.1
==============
Bug fixes:
- **When specifying a port, ADAL.NET would always make the call on port 443**. ADAL.NET now honors the port specified by the developer. [Issue 1627](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/1627)
- **On Android, using embedded webview, during log-in, when the screen orientation changed, ADAL.NET lost the information the user typed into the login screen**. ADAL.NET now maintains information typed into the log in screen during screen orientation changes. See [issue for more details](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/1622)
- **ADAL.NET was not correctly catching a network down exception**. ADAL.NET now catches the exception and sets it on the correct TaskCompletionSource object. [See PR for more information](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/pull/1636)

Version 5.1.0
==============
Bug fixes:
- **When returning from broker, a null ref is thrown in the token response.** ADAL.NET now returns an error message and handles the null ref correctly. [ADAL issue 1606](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/1606)
- **ADAL.NET will throw a null ref if there is no UserInfo, for example in the AuthCode flow.** ADAL.NET now handles a null value in UserInfo and, if no IdToken present, will not attempt to create an MSAL refresh token and account object. [ADAL issue 1604](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/1604)
- **At times, ADAL.NET would throw a null ref when getting a 504 from Gateway when instance discovery fails**. ADAL.NET now has more guards against null checks and more logging in this part of the code. [ADAL issue 1610](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/1610)
- **Made the class AuthenticationParameters usable again**. This utility class will make an un-authenticated request to a protected resource and extract the authority and the resource from the Unauthorized response header [ADAL issue 1599](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/1599)

Version 5.0.5
==============
- **Update ADAL.NET documentation on cache to use ADALv3 methods as default**. [ADAL issue 1593](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/1593)

Version 5.0.3-preview
==============
- **ADAL.NET now creates an HttpClient that uses the AndroidClientHandler** for Android 4.1 and higher. See [documentation for more information](https://docs.microsoft.com/en-us/xamarin/android/app-fundamentals/http-stack?tabs=windows). [ADAL issue #1581](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/1581)
- **SSO on UWP was not displaying a list of currently logged-in users**. ADAL.NET now honors sso on UWP and displays the logged-in user list. Developers will need to [follow the guidance in the wiki](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/wiki/Acquiring-tokens-interactively---Public-client-application-flows#getting-the-redirect-uri-in-the-case-of-windows-universal-apps) for setting this up and pass in null in the RedirectUri. See [ADAL issue 1580 for more information and code snippets](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/1580)
- **Custom HttpClient exceptions were not propagated in 5.0.2-preview**. ADAL.NET now returns the custom HttpClient exceptions. [ADAL issue 1575](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/1575)

Version 5.0.2-preview
==============
- TokenCache before/after access notifications need to be within the cachelock boundary [1571]

Version 5.0.1-preview
==============
- **ADAL now guarantees Before/After Access is called in all cases for the TokenCache**. [Adal issue 1525](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/1525)
- **In CustomWebUI flows, it's possible that the process implementing the UI is in another process**. ADAL now serializes the exceptions in this case. [ADAL issue 1526](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/1526)
- **AcquireTokenByDeviceCodeAsync now supports the CancellationToken**. CancellationToken support was needed in this API to allow the developer to cancel the operation as needed. [ADAL issue 1533](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/1533)
- **UI can hang due to not having proper SynchronizationContext for UI interaction**. When staring the Windows web authentication dialog, running on an MTA or STA thread, ADAL usually ends up on an MTA thread because of the async await, and then tries to create a new STA thread to run the browser on. This can result in a deadlock. ADAL now captures the synchronization context at AcquireTokenInteractive so the appropriate sync context is used when creating the interactive browser dialog. [ADAL issue 1548](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/1548)
- **ADAL does not reuse the HttpClient**. A New interface is introduced `IHttpClientFactory` to pass-in the HttpClient to be used by ADAL.NET to communicate with the endpoints of Microsoft identity platform for developers. See https://aka.ms/adal-net-httpclient for details. [Adal issue 1488](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/1488)
- **ADAL now creates an HttpClient that uses the NSURLSessionHandler for iOS7 and newer** [ADAL issue 1554](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/1554)
- **ADAL now publishes symbols to the Microsoft Symbol Server** [ADAL issue 1540](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/1540)
- **When using the `KeychainSecurityGroup` property to enable application sharing of the token cache, developers were required to include the TeamId**. Now, ADAL resolves the TeamId at runtime. A new property `iOSKeychainSecurityGroup` should be used instead. See https://aka.ms/adal-net-ios-keychain-access for details. [ADAL issue](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/1564)

Version 5.0.0-preview
==============
- **Enhancements include support for MSALv3 Cache (which is also or will soon be supported by other libraries such as Python and Java, more detail here https://aka.ms/msal-net-3x) as well as enabling users to bring their own browser as part of the Auth Code retrieval (#1521).

Version 4.5.1
===============
- **ADAL 4.5.0 and lower fails to install due to a version conflict on Android projects targeting Xamarin.Android.Support libraries version 28.x**. The ADAL Xamarin.Android.Support libraries have been updated to 27.0.2.1, the maximum version on Android8.1. [ADAL issue #1486](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/1486)
- **ADAL occasionally threw a NullReferenceException during Http calls when there were network timeouts**. Now a relevant timeout AdalServiceException will be thrown. [ADAL issue #1489](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/1489)

Version 4.5.0
===============

New features: 
- Developers can inject an HttpClient via a new AuthenticationContext constructor, allowing better control in scenarios such as setting a proxy

Bug fixes:
- **When using ADAL v4.4.2 and MSAL v2.6 in the same Xamarin project, a Duplicate Java type error was encountered**. The Android AuthenticationActivity defined name has been changed and is now distinct from the one in MSAL. [ADAL issue](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/1479)
- **When using brokered authentication, if the UID was not present, broker was unable to find the UID in the Android package**. Now ADAL sends the UID and package name as part of the broker options so silent authentication with broker works consistently. [ADAL PR](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/pull/1468)
- Fix a bug preventing an access token to be returned from the cache in scenarios involving Android Broker and cross resource access (https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/1463)
- Add more logging to the Android broker flow to help investigate customer issues
- **The token cache instance was not available in debug logs**. Now the token cache is set from the request object and is available in debug logs. [ADAL issue](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/1471)

Version 4.4.2
===============
- **Removed MSAL code from this repo**

Version 4.4.1
===============
- **Fix default redirect uri for ADAL on UWP**. When using a null RedirectURI, you typically got an error. However on UWP, this is an indication that the Windows Auth Broker (WEB) will be used. [ADAL issue #1400](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/1400)
- **Fix for a race condition and a crash in ADAL when using PromptBehavior = Hidden** (which is only available on some windows platforms). [ADAL issue](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/commit/663ffeb8554ac6f6feab5cf0d2550ab99f7e2556)
- **GetAccountsAsync() can now be called when the device / computer is offline**. It was making an network call to the instance discovery endpoint to determine the environments (equivalent clouds base URLs) for caching, which meant GetAccountsAsync() did not work off-line. This has been fixed and GetAccountsAsync() is not dependent on a network call and works off-line. [MSAL issue #630](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/630)

Version 4.4.0
===============
-Improvements and fixes to the token cache
- The serialized token cache can now be shared by different applications, therefore providing SSO if the same user signs-in in both applications
  - See [PR](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/pull/1365) and [MSAL Issue #653](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/654)
- On .NET Core, the Token cache was shared by all instances of applications in memory. This is now fixed (See MSAL.NET issue #656 and [PR](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/pull/1360))
- Fixes consistency issues for advanced token cache migration scenarios from ADAL v3.x to ADA v4.x to MSAL v2.x 
  - [MSAL Issue #652](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/652)
  - [MSAL Issue #651](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/651)
- Cache lookups were optimized. Work done in conjunction with ADAL.iOS and MSAL.iOS native) [PR](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/pull/1350)
- The ExtraQueryParameter environment variable is now read on ADAL for the .NET Core platform, as was already the case in the .NET Framework case [ADAL issue #1362](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/issues/1362)
- A Client credential API which should not be used on Xamarin.iOS, Xamarin.Android and UWP is now marked as obsolete 
  - [PR](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/pull/1375)

Version 4.3.0
===============
This release includes:
- Fix for cross-thread exception when setting the ownerWindow in PlatformParameters [ADAL issue #1277](https://github.com/AzureAD/azure-activedirectory-library-for-dotnet)
- Ensure error codes are public [MSAL issue](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/638)
- Device code flow enabled for ADFS

Version 4.2.0-preview
===============
This release includes:
- Due to static initialization, there was a race condition which appeared randomly. [MSAL issue #629](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/629)
- Improved error messages and inclusion of an [aka.ms link]( https://aka.ms/adal-net-broker-redirect-uri-android) for broker redirect error. [ADAL issue #601](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/601)
- For iOS, a clear exception message is now returned when the application is not able to access keychain, with instructions. See https://aka.ms/msal-net-enable-keychain-access for details. [MSAL issue #611](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/611)
- For iOS, TeamId is now accessible when the device is locked. [MSAL issue #626](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/626)
- For iOS, MSAL returns a useful error message, and an [aka.ms link](https://aka.ms/msal-net-enable-keychain-groups), when keychain access groups have not been set in the Entitlements.plist. [MSAL issue #633](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/633)
- UWP cache fix. The key of the storage on UWP should be 255 characters or less. When using several scopes the key could exceed 255 characters. Now hashing scopes and environment on UWP.  [612](https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/612)
- Removal of double-logging in log files and callbacks.  https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/pull/1289

Version 4.1.0-preview
===============
This release includes: 

- Integrated Windows Auth and Username / Password minor changes, such as improved error messages and http call resilience

Version 4.0.0-preview
==============
This release includes:
- Support MonoAndroid8.1 and Uap10.0 (Windows 10 applications)
- Remove support for Windows 8 and Windows Phone 8, as well as Portable-net45+win (PCL)
- Remove `Microsoft.Identity.Models.Clients.ActiveDirectory.Platform.dll` which only contained type forwarding to be binary compatible
- To preserve the single-sign-on (SSO) state, the new versions of ADAL(v4) and MSAL(v2) share the same token cache, are capable of reading the ADAL 3.x token cache 
   and are capable of writing the ADAL 3.x token cache in addition to the new cache format (named unified cache), see https://aka.ms/adal-net-to-msal-net.
   Note that on mobile platforms (UWP, Xamarin.iOS, Xamarin.Android), you will benefit automatically from the token cache sharing between ADAL and MSAL as the library handles the serialization
   to the container of choice of the platform (respectively isolated storage, iOS key chain, and Android shared preferences).
- In the Xamarin.iOS platform, AuthenticationContext has a new property named KeychainSecurityGroup. This Xamarin iOS specific property enables you to direct the application to share the 
   token cache with other applications sharing the same keychain security group. If you provide this key, you must add the capability to your Application Entitlement. 
   For more info, see https://aka.ms/adal-net-sharing-cache-on-ios. This API may change in a future release.
- For more info on the release, checkout https://aka.ms/msal-net-2-released

Version 3.19.8
==============
This hotfix release includes:
- Increasing API Surface for Subject Issuer Auth(#1091)

Version 3.19.7
==============
This hotfix release includes:
- No longer clear SecurePassword after the username password grant flow (#1087)
- Keep whitespaces inside a SAML token. This will bring better interoperability with other federated IDPs. (#1087)

Version 3.19.6
==============
This hotfix release includes:
- Updated ADAL to follow the Public Key Authentication spec when running on a non workplace joined device (#1058)

Version 3.19.5
==============
This hotfix release includes:
- Resolved issue with iOS 11.3 where network resources are reclaimed by the system when sending the app to the background (#1053)

Version 3.19.4
==============
This hotfix release includes:
- X5c claim added to AcquireTokenByAuthorizationCodeAsync for easy certificate rollover (#1043)
- Filter logs for AdalEventSource based on log level in default log (#1039)

Version 3.19.3
==============
This hotfix release includes:
- Fix for an issue with CoreCLR library writing to console by default (#1028)

Version 3.19.2
==============
This hotfix release includes:
- Fix for an issue with web UI failure on UWP platform

Version 3.19.1
==============
This hotfix release includes:
- Fix deadlock issue when calling with UI context without specifying ConfigureAwait(false)

Version 3.19.0
==============
- Adding new Api to acquire a security token from the authority while enabling simplified Azure AD certificate roll-over (#959)
- Fixing issues related to sending incorrect parameters in broker requests (#960)

Version 3.18.0
==============
This release includes
- Complicance with GDPR
	- Add PiiLoggingEnabled flag (#877)
- Include Sovereign Cloud support (#884)

Version 3.17.3
==============
- Fix an issue with IOS broker - changing the type of UserIdentifier.AnyUser from UniqueId to OptionalDisplayableId (#905)

Version 3.17.2
==============
- Re-enable binary compatibility by re-adding the platform specific assemblies containing public types and adding TypeForwardedTo attributes (#887)

Version 3.17.1
==============
This hotfix release includes the following changes to rollback breaking changes
- Move select account enum to the end of the promptbehavior list (#874)
- Move extension methods to be public instance methods in the primary assembly (#875)
- Confidential client API for Xamarin iOS and Xamarin Android get an Obsolete attribute explaining why they should not be used (with link to FAQ) (#880)

Version 3.17.0
==============
This release includes
- Removal of API surfaces accidently exposed in some platforms.
  - WinRT should only expose client credential API for confidential client flows (#768)
  - Confidential client API surface should not be exposed on iOS/Android (#759)
  - GetAuthorizationRequestUrl() API should not be exposed on WinRT, iOS and Android (#808)
  - Device Profile API should not be exposed on iOS/Android (#806)
- Update library to use [assembly: CLSCompliant(true)] (#673)
- Removal of dependency injection of platform specific DLLs (#511)
- Leak of ViewController passed with PlatformParameters (#534)
- Log Scrubbing to remove potential PII (#772, #800)
- Support to return all response headers from a failed request to the STS (#721)
- Bug fix to include inner exception details in AdalClaimChallengeException (#777)
- Fix to ensure refresh tokens are not used for incorrect environments (#290)
- Support for PromptBehavior.SelectAccount (#754)
- Fix for net47 where RSACng key was not being used correctly (#781)

Version 3.16.1
==============
This release includes
- Fix for net47 where non-exportable private key usage was failing. (#752)
- Fix api surface -- Add GetAuthRequestUrlAsync method without claims overload (#740)

Version 3.16.0
==============
This release includes
- Fix for WinRT failure when logging an empty UserInfo object (#727).
- Implement PromptBehavior support for iOS/Android
- Url encode claims for iOS with Broker (#744)

Version 3.15.0
==============
This release includes
- Support for returning claims challenge back to developer for OBO flows. (#712)
- Support for API overload to consume claims challenge. (#712)
- Handle new RSA default (RSACng) on netfx4.7 (#708)
- Minor source code cleanups to have culture invariant messages and address FxCop violations.

Version 3.14.2
==============
This release includes
- Use ISO 8601 formatted date-times in log messages (#710)
- Fix TokenCacheKey::GetHashCode to no longer be culture-specific (#717)
- More uniform use of Invariant Culture when manipulating URLs, tokens, and request messages

Version 3.14.1
==============
This release includes
- Fix SOAP message bug (GitHub issue #699)

Version 3.14.0
==============
This release includes
- Add support for ClientAssertionCertificate in CoreCLR
- Port ADAL.PCL project to .NET Standard 1.1 project (requires VS2017 to build)
- Port ADAL.CoreCLR project to .NET Standard 1.3 project (requires VS2017 to build)
- Assemblies are signed with SHA-256 certificate
- Fix an issue where silently logging in with an expired refresh token could cause a null reference exception
- Fix casing bugs in SOAP requests (GitHub issue #401)

Version 3.13.9
==============
This release includes
- Add blackforest as a trusted authority
- Addition of new US Gov STS as a trusted authority
- Limit Http Response size to 1MB
- Fix an issue where request to WS-Trust was not working when using ADAL in sovereign clouds
- Fix to ignore all navigation events once redirect_uri is reached in the webview
- Add support for configuring transitioning styles in iOS
- Add support to disable logging to platform defaults.
- Update resiliency error codes to be HTTP 500-599 (all inclusive)
- Add support to consume developer configured Proxy in HttpMessageHandler.

Version 3.13.8
==============
This release includes
- update to nuget package to fix casing of NETStandard.Library nuget dependency
- Add serialization packages to netstandard1.4 target as they are not part of netstandard.

Version 3.13.7
==============
This release contains update to nuget package to use meta package and explicitly define target frameworks for the library.

Version 3.13.6
==============
This release includes
- Fix where UWP apps were ErrorHttp was causing unhandled exception.
- Fix .NET webview to add javascript:// to whitelist.
- Fix .NET webview to ensure if redirect_uri is hit, ignore errors raised by webview after that event.
- Add support for UIStatusBarStyle in Xamarin.iOS.

Version 3.13.5
==============
This release includes
- Update to OBO flows to force userassertion match against cache entries.
- Fix an issue where UWP was not handling ErrorHttp status and returning uncaught exception.

Version 3.13.4
==============
This release includes
- Fix to force iOS UIViewController to run on UI thread.
- Fix regresssion where content was passed as a file path for UserCredential flows.
- Fix an issue where internal exception was being thrown back to the developer.

Version 3.13.3
==============
This release includes
- Fix for null pointer exception when hash was computed on a null string.
- Add support to return complete http response body as an inner exception.

Version 3.13.2
==============
This release includes
- Adding default constructor to UserInfo class to circumvent CoreCLR deserialization issue.

Version 3.13.1
==============
This release contains
- Fix to add ConfigureAwait(false) to all await calls to avoid deadlocks.
- Fix bug where null reference was thrown in Android when onResult was called for an activity.
- ext_expires_in claim was not being read from server response.
- Disable Cross-Tenant refresh token redemption for client credentials flow.
- Fix the bug where access token in authentication result could be null in multi-threaded scenarios.
- Fix a bug where UserAssertion was not assumed to be JWT by default.
- Add support for SecureString client secret.
- Fix bug where null reference exception was thrown for AcquireTokenUsingDeviceCode.

Version 3.12.0
==============
This release contains
- Support for extended lifetime tokens.
- Fix to allow hardware based keys to perform authentication.
- Validate signing certificate chain in Android.
- Update NetStandard GA packages.
- Fix bug in cache lookup where developer provided parameters were ignored.

Version 3.10.305231913
======================
This release contains
- Retargeting Xamarin Android to Lollipop (5.0)
- Fix for PromptBehavior.Always in UWP apps where prompt=login was not sent to server.


Version 3.10.305161347
======================
This release contains
- Fix in GetAuthorizationURLAsync where QP were not getting appended correctly.