changelog.txt
Version 1.7.27
* Expose APIs for manually setting time_Interval for request and session resource. (#1288)
Version 1.7.26
* Stop sending web auth start notifications for certain redirects. (#1280)
* Add native message sso ext request. (#1253)
* Filter expired certs in the certificate picker (#1278)
Version 1.7.25
* Update broker redirect_uri validation with more information in invalid scenario (#1264)
Version 1.7.24
* Added method name with line number for errors in telemetry (#1266)
Version 1.7.23
* Added code that removes expired AT for Apple storage.
* Filter expired certs in the certificate picker (#1278)
Version 1.7.22
* Remove references to deprecated api. (#1252)
Version 1.7.21
* Add troubleshooting flow when doing Just in Time registration in native apps flow (#1188)
* Support read device info when ecc is on (#1240)
Version 1.7.20
* Minor fix, added missing header in MSIDKeyOperationUtil.h to fix CPP build
Version 1.7.19
* Updated extraDeviceInfo to include platform sso status on macOS
* Add support PKeyAuthPlus and ECC based JWT signature generation. (#1044)
* Created CIAM authority for MSAL (#1227)
* Return account validation as YES when did mismatch but UPN match for same utid
* Fix CBA in SSO ext flow #1233
Version 1.7.18
* Add support PKeyAuthPlus and ECC based JWT signature generation. (#1213)
Version 1.7.17
* Fix function declaration without prototype on Xcode 14.3 (#1200)
* Fix a crash when no additional info found in the device info json (#1203)
Version 1.7.16
* Add more detailed error codes for JIT (#1187)
* Add support for nested auth protocol (#1175)
* Return enrollmentId only if homeAccountId and legacyId are both empty (#1191)
* Prevent crash when missing completionBlock on local interactive acquireToken (#1193)
* Add support for memorizing certificate preference for CBA on MacOS (#1194)
Version 1.7.15
* Fix a crash when no identity found during getting device registration information on iOS.
Version 1.7.14
* Add skip local RT when creating silent controller
Version 1.7.13
* Update minimum OS version to iOS14 and macOS 10.13
Version 1.7.12
* Fetch WPJ Metadata for specific tenantId
* Added not nil check before updating homeAccountId from clientInfo(#1155)
Version 1.7.11
* Expose extra deviceInfo(#1131)
Version 1.7.10
* Stop extra background tasks in the system webview case. (#1130)
Version 1.7.9
* Exclude telemetry for MSAL CPP to reduce binary size. (#1118)
Version 1.7.8
* Pass token result, granted scopes and declined scopes as part of error.userInfo when these values are returned as additional_tokens in the broker response. (#1114)
Version 1.7.7
* Add more utilities for test automation
* Fix a warning during telemetry decoding
Version 1.7.6
* Enable exclusion of unused IdentityCore code in MSAL C++ (#1092)
Version 1.7.5
* Multitenant PkeyAuth support (#1083)
* Expose keychain error OSStatus in errors returned by MSIDAssymetricKeyKeychainGenerator (#1079)
* Prevent logging PII in query to NSDictionary extension method (#1084)
* Expose mdmId via DeviceInfo extraDeviceInformation
* Add support to wipe cache for all accounts (#1075)
Version 1.7.4
* Fixed logic to open links within iframe in embedded webview in itself instead of Safari. (#1074)
Version 1.7.3
* Enable additional warnings (#1042)
* Sanity check SSO ext response; if it is not meaningful, the local result is used (#1065)
* Remove throttle noise (#1064)
* Added more string util methods in string extension.
Version 1.7.2
* Use base64URLEncoding for RSA modules (#1058)
Version 1.7.1
* Add helper function used by cross cloud B2B support (#957)
* Add support of "create" prompt (#1039)
* Fix for ADAL apps that send passed In view to show spinner while blocked from showing SSO UI prompt on mac
Version 1.7.0
* Added more logging in the throttling logic & fixed throttling logic's handling of LRU cache errors. (#1032)
Version 1.6.9
* Fix issue with showing smart card's cert on macOS (#1015)
* Add telemetry for ADFS PkeyAuth challenges (#1023)
* Additional logic to toggle login keychain on/off for developers on MacOS 10.15+ based on the presence of valid keychain access group within entitlements (#1021)
* Added MSIDException/GenericException (#1024)
Version 1.6.8
* Support for Universal cache in Login Keychain on macOS 10.15+ in Developers (#1016)
Version 1.6.7
* Handle SSO Nonce response for interactive requests to authorize endpoint (#1005)
* Update default account type to MSSTS in account cache query to avoid noise in cache query (#1010)
* Internal throttle error code to distinguish cached server error (#1013)
Version 1.6.6
* Fix telemetry enum value for refresh_in getting overwritten (#996)
* Update automation for Xcode 12 UI
Version 1.6.5
* Minimum Xcode version bumped to 12.2 (#981)
* Improve telemetry storage security (#981)
* Add CCS hint header (#988)
Version 1.6.4
* Added refresh_in telemetry changes and updated schema version to 4 (#983)
* Added refresh_in changes for SilentTokenRequest flow (#975)
* Fix redirect uri parsing in cba flow (#972)
* Add preprocessor macro to turn on/off throttling.
* Revert back the logic of checking requestedClaims. (#974)
* Added new limits to sizes of client telemetry strings sent to server (#971)
Version 1.6.3
* Add refresh_on field to access tokens (#964)
* Improve logging for SSO extension and broker scenarios (#963)
* Enhanced logging in MSIDAccountCredentialCache. (#955)
* Fix AT Pop sign request logic
* Throttling feature (#945)
* Allow about:srcdoc in webview controller
Version 1.6.2
* Mask EUII in logs (#944)
* Added Thumbprint calculator and associated protocol for throttling (#943)
* Added unit test coverage for throttling service (#946)
Version 1.6.1
* Extend iOS background tasks to silent and interactive requests (#923)
* Added thread-safe generic MSIDLRUCache (#922)
* Fix possible deadlock caused by thread explosion (#911)
* Revert FRT and ART lookup orders (#884)
* Adding MSID constant to identify CBA flows in broker for SSO, to temporarily disable SSO with CBA flows.
Version 1.6.0
* Avoid sending RT to wrong cloud (#892)
* Added logic to handle links that should open in new window in embedded webView.
* Fix code in kDF function. Add test cases
* Enabled various warnings (which we were mostly compliant with) (#814)
* Added client-side fix for the known ADFS PKeyAuth issue. (#890)
* Broker CBA flow fix to stop SSOExtension interference.
Version 1.5.9
* Fix for filtering access tokens by requested claims.
Version 1.5.8
* Return private key attributes on key pair generation.
* Update RSA signing code and add conditional check for supported iOS/osx platforms.
* Enabled PKeyAuth via UserAgent String on MacOS
* Added an API for both iOS and MacOS for returning a WKWebView config setting with default recommended settings for developers.
* Add missing functionality to MSIDAssymetricKeyPair to match Djinni Interface
* Update changelogs.txt pipeline check
Version 1.5.7
* Add requested_claims to access tokens in cache for MSAL CPP (#840)
Version 1.5.6
* Ignore duplicate certificate authentication challenge in system webview.
* Limit telemetry archive size on disk, and save unserialized telemetry (#837)
* Normalize home account id in cache lookups #839
* Support forgetting cached account (#830)
* Enabling XCODE 11.4 recommended settings by default per customer request.
* Move correlationId to MSIDBaseBrokerOperationRequest
* Add a new pipeline for MSAL C++ checks
* Support bypassing redirectUri validation also on macOS
* Indicate whether SSO extension account is available for device wide SSO (#825)
* Add swift static lib target to support AES GCM.
* Append 'PkeyAuth/1.0' keyword to the User Agent String to reliably advertise PkeyAuth capability to ADFS
* Update Identity Core within WPJ to the latest dev branch
* Add a flag to disable logger queue.
* Fix unreliable test case using swizzle
Version 1.5.5
* Fix unused parameter errors for macOS target. (#816)
* Move openBrowserResponse handling into its operation for CPP integration (#817)
* Cleanup noisy SSO extension logs (#812)
* Mark RSA public key as extractable (#813)
* Cleanup main product targets from test files (#811)
* Fix a test bug where the MacKeychainTokenCache could fail to initialize (#799)
* Save last request telemetry to disk (#768)
* Fix an incorrectly-cased filename (#808)
* Save PRT expiry interval in cache to calculate PRT refresh interval more reliably (#804)
* Move broker redirectUri validation logic into common core from MSAL (#807)
* Refactor crypto code for cpp integration and add api to generate ephemeral asymmetric key pair (#803)
* Add operation factory for broker installation integration with other framework (#779)
* Add logger connector which allows to override logger behaviour. (#796)
* Include redirect uri in body when redeeming refresh token at token endpoint (#815)
Version 1.5.4
-----
* Support for proof of possession for access tokens (#738)
* Allow brokered authentication for /consumers authority (#774)
* Account metadata cleanup on account removal (#791)
* Fix an issue with guest accounts when UPN mismatches across tenants (#797)
* Symmetric key support for creating a verify signature and key derivation (#805)
Version 1.5.3
-----
* Switch to PkeyAuth on macOS (#734)
* Support returning additional WPJ info (#742)
* Fixed PkeyAuth when ADFS challenge is URL encoded (#750)
* Fixed CBA handling in MSAL (#751)
* Fixed failing unit tests on 10.15 (#760)
Version 1.5.2
------
* Fix handling of certificate based authentication challenge.
Version 1.5.1
------
* Support client side telemetry in ESTS requests (#740, #732, #712)
* Add logging for enrollment id mismatch for access tokens (#743)
* Fix signout state caching in account metadata (#736)
* Change unit test constants to use a GUID for home account (#733)
* Support clearing SSO extension cookies (#726)
* Protect legacy macOS cache when MSAL writes into ADAL cache (#729)
* Fix NTLM crash when window is not key (#724)
* Fixed authority validation for developer known authorities (#722)
Version 1.5.0
------
* Added Safari SSO support for AAD SSO extension
* Switched to new lab API
* Convert access denied error to cancelled
* Removed default urn redirect uri dependency
Version 1.4.1
------
* Fixed macOS cache on 10.15 when App Identifier Prefix is different from TeamId (#697)
* Remove SHA-1 dependency from production library (#695)
* Fixed SSO extension + MSIT MFA (#704)
* Fixed SSO extension swipe down cancellation case (#703)
* Handle http headers coming from iOS broker when it is either a NSDictionary or NSString (#706)
Version 1.4.0
------
* iOS 13 SSO extension support
* FLW shared device mode support
* macOS 10.15 system webview support (ASWebAuthenticationSession)
* Account sign-in state tracking
Version 1.3.12
-------
* Keyed unarchiver deserialization fix for iOS 11.2
* Fixed account lookups and validation with the same email (#669)
Version 1.3.11
-------
* Set web config content mode to mobile on iPad
* Enable dogfood authenticator support by default
Version 1.3.10
--------
* Account lookup fix when no refresh tokens present
Version 1.3.9
---------
* Fix build issues for cpp repo to compile with CMake build
Version 1.3.8
---------
* Componentize macOS ACL keychain operations
* Improve logging of errors when not needed
* Added default implementation for ADAL legacy persistence
Version 1.3.7
---------
* Write wipe data to the macOS data protection keychain on 10.15
Version 1.3.6
----------
* Support removing RTs from other accessors
* Fix UI thread warnings
* Prevent auth controller from being swiped down
* Improve logging when error is created
* Expose instance_aware flag in MSAL config
* Remove arm64e architecture
* Fixed static analyser warnings
Version 1.3.5-hotfix2
---------
* [Broker patch] Keyed unarchiver deserialization fix for iOS 11.2
Version 1.3.5-hotfix1
----------
* [Broker patch] Fixed account lookups and validation with the same email (#669)
Version 1.3.5
-----------
* Update readme.md
* Tag MSAL 1.0.0 release
Version 1.3.4
-----------
* Fix threading issues when coming from the main thread
Version 1.3.3
-----------
* Update ACL authorization tag to kSecACLAuthorizationDecrypt for adding trusted applications to keychain items on OSX.
Version 1.3.2
-----------
* iOS 13 support for ASWebAuthenticationSession
* Support keychain access groups on macOS 10.15
Version 1.3.1
-----------
* Enable iOS 13 compatible broker
* Implement ACL control for macOS keychain
Version 1.3.0
------------
* macOS cache persistence
* MSIDAuthority refactoring to not rely on authority factors
* Logger refactoring
* Tenant profiles support
* Account metadata support
* Bug fixes
Version 1.2.2
------------
* Update to MSAL v2 broker protocol
Version 1.2.1
------------
* Apply MSAL 0.3.1 hot fix changes to current latest MSAL release (0.4.2)
Version 1.2.0
------------
* Refactored MSAL public API
* Added static library support for MSAL
Version 1.1.4
------------
* Use ASCII for PKCE instead of UTF8
* Don't return Access token if Id token or Account are missing
* Logging improvements
Version 1.1.0
------------
* Added Auth broker support to common core
Version 1.0.17
-------------
* Remove SHA-1 dependency for ADAL (#696)
Version 1.0.16
-------------
* Fix a presentation bug when both parent controller and webview are set
* Set default WKWebView content mode
Version 1.0.15
-------------
* Support removing RTs from other accessors
* Fix UI thread warnings
* Prevent auth controller from being swiped down
Version 1.0.13
------------
* Support new iOS 13 compatible broker
Version 1.0.12
------------
* ADAL True MAM CA support
Version 1.0.11
------------
* Apply hotfix 2.7.9 for Mac OS to query WPJ cert using issuers from authentication challenge
Version 1.0.10
------------
* Fixed issue when Facebook sends a dummy fragment and MSAL is not able to read the auth code (#356)
Version 1.0.9
------------
* Return user displayable ID for Intune app protection scenarios
Version 1.0.8
------------
* Don't dispatch authority metadata callback to the main thread
* Changed default teamID to avoid conflicts with other apps
Version 1.0.7
------------
* Fixed a warning in the keychain component
Version 1.0.6
------------
* Client capabilities support
* Send app name and version to ESTS
* Patch TeamID when receiving errSecInteractionNotAllowed
* Separate B2C logic from AAD v2
Version 1.0.5
------------
* Added schema compliance tests and applied a few schema changes (#259)
Version 1.0.4
------------
* Fixed occasional keychain utility crash (#254)
1.0.0-hotfix
------------
* Fixed occasional keychain utility crash (#254)
Version 1.0.3
------------
* Fix for CBA chooser
* Fix clang static analyzer issues
* Fix WKWebView session cookie share
* Catch errors for embedded webview coming from didFailProvisionalNavigation.
* Fix other minor bugs
Version 1.0.2
------------
* Support for different authority aliases
* Support for sovereign clouds
* Support for claims challenge
* Better resiliency in case of server outages
Version 1.0.1
------------
* Added support for different webviews
* Added support for network requests
Version 1.0.0
------------
* Moved utilities from ADAL to common core
* Implemented common cache for ADAL and MSAL
* Created test utilities