-
Notifications
You must be signed in to change notification settings - Fork 37
/
Copy pathchangelog.txt
550 lines (442 loc) · 18.4 KB
/
changelog.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
Version 1.8.0
* Make hashed ups in logs case insensitive (#1446)
* Add new psso error (#1471)
* Add PSSO registration needs repair status in getDeviceInfo psso status (#1465)
* Suppress camera consent prompt in embedded webview when configured (#1464)
* Fix crash due to null value being added to set (#1461)
* Add new errors for passkey biometric policy mismatch (#1462)
Version 1.7.44
* Merge 1.7.42-hotfix
Version 1.7.43
* Support web_page_uri #1440
* Save error received from ESTS, and return it to the client on silent broker calls (#1438)
* XPC CommonCore Minor change to support broker XPC changes (#1436)
* Assign completion block before perform request (#1434)
Version 1.7.42-hotfix
* Add support of "lookup" mode in broker #1450
* Support web_page_uri #1440
Version 1.7.42
* Support extra query parameters on signout (#1243)
* Wrap ASAuthorizationProviderExtensionAuthorizationRequest methods (#1427)
* Replace deprecated method UIApplication.openURL(_:) (#1424)
* Add support to attach PRT during cross cloud authentication (#1431)
Version 1.7.41
* VisionOS support added to IdentityCore (#1412)
* Fix a minor crash case regarding telemetry (#1418)
* Add GetSupportedContacts API (#1421)
* Parse and add STS error codes in token error result (#1417)
* Add canShowUI property to GetToken request (#1415)
Version 1.7.40
* Increased macOS minimum version to 10.15 (#2220)
Version 1.7.39
* Fix cert auth invalid request (hotfix) (#1409)
Version 1.7.38
* Migrate existing devices using UpgradeReg API - Error definitions (#1376)
* Add MSIDThrottlingCacheHitKey flag when returning error from throttling's cache (#1393)
* Update device register to include a new hint for token protection (#1394)
* prt recovery fix , add recovery attempt count and recovery fail status to prt object(#1395)
Version 1.7.37
* Added new account type to handle On-prem ADFS scenarios. (#1397)
Version 1.7.36
* Add platform sequence telemetry param. (#1378)
* Update broker automations lab API. (#1377)
* Fix incorrect constant name without MSID prefix. (#1374)
Version 1.7.35
* Include email as scope returned if it was requested and server did not include it. (#1364)
* Fix throttling bug in fallback legacy broker interactive controller. (#1371)
* Fix crash in cert chooser (#1344).
* Add a new retry condition when request is idle and timeout(#1367).
Version 1.7.34
* Ignore local cache in broker request
Version 1.7.33
* Implement support for Custom URL Domains (CUD) for CIAM authorities (#1347)
* Support for QR+PIN (#1317)
Version 1.7.32-b
* Fix pkey auth after server side removal of registration to use isDeviceRegistered flag from ssoContext
Version 1.7.32-a
* Fix pkey auth for server side removal case
Version 1.7.32
* Implement sign out request for browser sso #1328
Version 1.7.31
* Add additional error codes for PSSO KeyId mismatch (#1322)
Version 1.7.30
* ADD get token operation for BrowserCore (#1293)
* Add support to get Passkey assertion and credentials (#1306)
* Update key auth to use current keys on sonoma (#1312)
* Map broker version to existing token result value (#1314)
Version 1.7.29
* Introduce a way to inject external WKWebviewConfiguration for MSIDWebviewUIController - needed for MSAL C++ (#1308)
Version 1.7.28
* Report WPJ v2 telemetry capability. (#1297)
* Add separate error code for OneAuth telemetry purpose (#1292)
* Logging improvements (#1290)
* Rename some internal macro (#1300)
* Added ccs request id flag (#1296)
Version 1.7.27
* Expose APIs for manually setting time_Interval for request and session resource. (#1288)
Version 1.7.26
* Stop sending web auth start notifications for certain redirects. (#1280)
* Add native message sso ext request. (#1253)
* Filter expired certs in the certificate picker (#1278)
Version 1.7.25
* Update broker redirect_uri validation with more information in invalid scenario (#1264)
Version 1.7.24
* Added method name with line number for errors in telemetry (#1266)
Version 1.7.23
* Added code that removes expired AT for Apple storage.
* Filter expired certs in the certificate picker (#1278)
Version 1.7.22
* Remove references to deprecated api. (#1252)
Version 1.7.21
* Add troubleshooting flow when doing Just in Time registration in native apps flow (#1188)
* Support read device info when ecc is on (#1240)
Version 1.7.20
* Minor fix, added missing header in MSIDKeyOperationUtil.h to fix CPP build
Version 1.7.19
* Updated extraDeviceInfo to include platform sso status on macOS
* Add support PKeyAuthPlus and ECC based JWT signature generation. (#1044)
* Created CIAM authority for MSAL (#1227)
* Return account validation as YES when did mismatch but UPN match for same utid
* Fix CBA in SSO ext flow #1233
Version 1.7.18
* Add support PKeyAuthPlus and ECC based JWT signature generation. (#1213)
Version 1.7.17
* Fix function declaration without prototype on Xcode 14.3 (#1200)
* Fix a crash when no additional info found in the device info json (#1203)
Version 1.7.16
* Add more detailed error codes for JIT (#1187)
* Add support for nested auth protocol (#1175)
* Return enrollmentId only if homeAccountId and legacyId are both empty (#1191)
* Prevent crash when missing completionBlock on local interactive aquireToken (#1193)
* Add support for memorizing certificate preference for CBA on MacOS (#1194)
Version 1.7.15
* Fix a crash when no identiy found during getting device registration information on iOS.
Version 1.7.14
* Add skip local RT when creating silent controller
Version 1.7.13
* Update minimum OS version to iOS14 and macOS 10.13
Version 1.7.12
* Fetch WPJ Metadata for specific tenantId
* Added not nil check before updating homeAccountId from clientInfo(#1155)
Version 1.7.11
* Expose extra deviceInfo(#1131)
Version 1.7.10
* Stop extra background tasks in the system webview case. (#1130)
Version 1.7.9
* Exclude telemetry for MSAL CPP to reduce binary size. (#1118)
Version 1.7.8
* Pass token result, granted scopes and declined scopes as part of error.userInfo when these values are returned as additional_tokens in the broker response. (#1114)
Version 1.7.7
* Add more utilities for test automation
* Fix a warning during telemetry decoding
Version 1.7.6
* Enable exclusion of unused IdentityCore code in MSAL C++ (#1092)
Version 1.7.5
* Multitenant PkeyAuth support (#1083)
* Expose keychain error OSStatus in errors returned by MSIDAssymetricKeyKeychainGenerator (#1079)
* Prevent logging PII in query to NSDictionary extension method (#1084)
* Expose mdmId via DeviceInfo extraDeviceInformation
* Add support to wipe cache for all accounts (#1075)
Version 1.7.4
* Fixed logic to open links within iframe in embedded webiview in itself instead of Safari. (#1074)
Version 1.7.3
* Enable additional warnings (#1042)
* sanity check sso ext response. If no meaningful will use local result (#1065)
* remove throttle noise (#1064)
* added more string util methods in string extension.
Version 1.7.2
* Use base64URLEncoding for RSA modules (#1058)
Version 1.7.1
* Add helper function used by cross cloud B2B support (#957)
* Add support of "create" prompt (#1039)
* Fix for ADAL apps that send passed In view to show spinner while blocked from showing SSO UI prompt on mac
Version 1.7.0
* Added more logging in the throttling logic & fixed throttling logic's handling of LRU cache errors. (#1032)
Version 1.6.9
* Fix issue with showing smart card's cert on macOS (#1015)
* Add telemetry for ADFS PkeyAuth challenges (#1023)
* Additional logic to toggle login keychain on/off for developers on MacOS 10.15+ based on the presence of valid keychain access group within entitlements (#1021)
* Added MSIDException/GenericException (#1024)
Version 1.6.8
* Support for Universal cache in Login Keychain on macOS 10.15+ in Developers (#1016)
Version 1.6.7
* Handle SSO Nonce response for interactive requests to authorize endpoint (#1005)
* Update default account type to MSSTS in account cache query to avoid noise in cache query (#1010)
* Internal throttle error code to distinguish cached server error (#1013)
Version 1.6.6
* Fix telemetry enum value for refresh_in getting overwritten (#996)
* Update automation for Xcode 12 UI
Version 1.6.5
* Minimum Xcode version bumped to 12.2 (#981)
* Improve telemetry storage security (#981)
* Add CCS hint header (#988)
Version 1.6.4
* Added refresh_in telemetry changes and updated schema version to 4 (#983)
* Added refresh_in changes for SilentTokenReuest flow (#975)
* Fix redirect uri parsing in cba flow (#972)
* Add preprocessor macro to turn on/off throttling.
* Revert back the logic of checking requestedClaims. (#974)
* Added new limits to sizes of client telemetry strings sent to server (#971)
Version 1.6.3
* Add refresh_on field to access tokens (#964)
* Improve logging for SSO extension and broker scenarios (#963)
* Enhanced logging in MSIDAccountCredentialCache. (#955)
* fix AT Pop sign request logic
* Throttling feature (#945)
* allow about:srcdoc in webview controller
Version 1.6.2
* Mask EUII in logs (#944)
* Added Thumbprint calculator and associated protocol for throttling (#943)
* Added unit test coverage for throttling service (#946)
Version 1.6.1
* Extend iOS background tasks to silent and interactive requests (#923)
* Added thread-safe generic MSIDLRUCache (#922)
* Fix possible deadlock caused by thread explosion (#911)
* Revert FRT and ART lookup orders (#884)
* Adding MSID contant to identify CBA flows in broker for SSO, to temporarily disable SSO with CBA flows.
Version 1.6.0
* Avoid sending RT to wrong cloud (#892)
* Added logic to handle links that should open in new window in embedded webView.
* Fix code in kDF function. Add test cases
* Enabled various warnings (which we were mostly compliant with) (#814)
* Added client-side fix for the known ADFS PKeyAuth issue. (#890)
* Broker CBA flow fix to stop SSOExtension interference.
Version 1.5.9
* Fix for filtering access tokens by requested claims.
Version 1.5.8
* Return private key attributes on key pair generation.
* Update RSA signing code and add conditional check for supported iOS/osx platforms.
* Enabled PKeyAuth via UserAgent String on MacOS
* Added an API for both iOS and MacOS for returning a WKWebView config setting with default recommended settings for developers.
* Add missing functionality to MSIDAssymetricKeyPair to match Djinni Interface
* Update changelogs.txt pipeline check
Version 1.5.7
* Add requested_claims to access tokens in cache for MSAL CPP (#840)
Version 1.5.6
* Ignore duplicate certificate authentication challenge in system webview.
* Limit telemetry archive size on disk, and save unserialized telemetry (#837)
* Normalize home account id in cache lookups #839
* Support forgetting cached account (#830)
* Enabling XCODE 11.4 recommended settings by default per customer request.
* Move correlationId to MSIDBaseBrokerOperationRequest
* Add a new pipeline for MSAL C++ checks
* Support bypassing redirectUri validation also on macOS
* Indicate whether SSO extension account is available for device wide SSO (#825)
* Add swift static lib target to support AES GCM.
* Append 'PkeyAuth/1.0' keyword to the User Agent String to reliably advertise PkeyAuth capability to ADFS
* Update Identity Core within WPJ to the latest dev branch
* Add a flag to disable logger queue.
* Fix un-reliable test case using swizzle
Version 1.5.5
* Fix unused parameter errors for macOS target. (#816)
* Move openBroswerResponse handling into its operation for CPP integration (#817)
* Cleanup noisy SSO extension logs (#812)
* Mark RSA public key as extractable (#813)
* Cleanup main product targets from test files (#811)
* Fix a test bug where the MacKeychainTokenCache could fail to initialize (#799)
* Save last request telemetry to disk (#768)
* Fix an incorrectly-cased filename (#808)
* Save PRT expiry interval in cache to calculate PRT refresh interval more reliably (#804)
* Move broker redirectUri validation logic into common core from MSAL (#807)
* Refactor crypto code for cpp integration and add api to generate ephemeral asymmetric key pair (#803)
* Add operation factory for broker installation integration with other framework (#779)
* Add logger connector which allows to override logger behaviour. (#796)
* Include redirect uri in body when redeeming refresh token at token endpoint (#815)
Version 1.5.4
-----
* Support for proof of possession for access tokens (#738)
* Allow brokered authentication for /consumers authority (#774)
* Account metadata cleanup on account removal (#791)
* Fix an issue with guest accounts when UPN mismatches across tenants (#797)
* Symmetric key support for creating a verify signature and key derivation (#805)
Version 1.5.3
-----
* Switch to PkeyAuth on macOS (#734)
* Support returning additional WPJ info (#742)
* Fixed PkeyAuth when ADFS challenge is URL encoded (#750)
* Fixed CBA handling in MSAL (#751)
* Fixed failing unit tests on 10.15 (#760)
Version 1.5.2
------
* Fix handling of certificate based authentication challenge.
Version 1.5.1
------
* Support client side telemetry in ESTS requests (#740, #732, #712)
* Add logging for enrollment id mismatch for access tokens (#743)
* Fix signout state caching in account metadata (#736)
* Change unit test constants to use a GUID for home account (#733)
* Support clearing SSO extension cookies (#726)
* Protect legacy macOS cache when MSAL writes into ADAL cache (#729)
* Fix NTLM crash when window is not key (#724)
* Fixed authority validation for developer known authorities (#722)
Version 1.5.0
------
* Added Safari SSO support for AAD SSO extension
* Switched to new lab API
* Convert access denied error to cancelled
* Removed default urn redirect uri dependency
Version 1.4.1
------
* Fixed macOS cache on 10.15 when App Identifier Prefix is different from TeamId (#697)
* Remove SHA-1 dependency from production library (#695)
* Fixed SSO extension + MSIT MFA (#704)
* Fixed SSO extension swipe down cancellation case (#703)
* Handle http headers coming from iOS broker when it is either a NSDictionary or NSString (#706)
Version 1.4.0
------
* iOS 13 SSO extension support
* FLW shared device mode support
* macOS 10.15 system webview support (ASWebAuthenticationSession)
* Account sign-in state tracking
Version 1.3.12
-------
* Keyed unarchiver deserialization fix for iOS 11.2
* Fixed account lookups and validation with the same email (#669)
Version 1.3.11
-------
* Set web config content mode to mobile on iPad
* Enable dogfood authenticator support by default
Version 1.3.10
--------
* Account lookup fix when no refresh tokens present
Version 1.3.9
---------
* Fix build issues for cpp repo to compile with CMake build
Version 1.3.8
---------
* Componentize macOS ACL keychain operations
* Improve logging of errors when not needed
* Added default implementation for ADAL legacy persistence
Version 1.3.7
---------
* Write wipe data to the macOS data protection keychain on 10.15
Version 1.3.6
----------
* Support removing RTs from other accessors
* Fix UI thread warnings
* Prevent auth controller from being swiped down
* Improve logging when error is created
* Expose instance_aware flag in MSAL config
* Remove amr64e architecture
* Fixed static analyser warnings
Version 1.3.5-hotfix2
---------
* [Broker patch] Keyed unarchiver deserialization fix for iOS 11.2
Version 1.3.5-hotfix1
----------
* [Broker patch] Fixed account lookups and validation with the same email (#669)
Version 1.3.5
-----------
* Update readme.md
* Tag MSAL 1.0.0 release
Version 1.3.4
-----------
* Fix threading issues when coming from the main thread
Version 1.3.3
-----------
* Update ACL authorization tag to kSecACLAuthorizationDecrypt for adding trusted applications to keychain items on OSX.
Version 1.3.2
-----------
* iOS 13 support for ASWebAuthenticationSession
* Support keychain access groups on macOS 10.15
Version 1.3.1
-----------
* Enable iOS 13 compatible broker
* Implement ACL control for macOS keychain
Version 1.3.0
------------
* macOS cache persistence
* MSIDAuthority refactoring to not rely on authority factors
* Logger refactoring
* Tenant profiles support
* Account metadata support
* Bug fixes
Version 1.2.2
------------
* Update to MSAL v2 broker protocol
Version 1.2.1
------------
* Apply MSAL 0.3.1 hot fix changes to current latest MSAL release (0.4.2)
Version 1.2.0
------------
* Refactored MSAL public API
* Added static library support for MSAL
Version 1.1.4
------------
* Use ASCII for PKCE instead of UTF8
* Don't return Access token if Id token or Account are missing
* Logging improvements
Version 1.1.0
------------
* Added Auth broker support to common core
Version 1.0.17
-------------
* Remove SHA-1 dependency for ADAL (#696)
Version 1.0.16
-------------
* Fix a presentation bug when both parent controller and webview are set
* Set default WKWebView content mode
Version 1.0.15
-------------
* Support removing RTs from other accessors
* Fix UI thread warnings
* Prevent auth controller from being swiped down
Version 1.0.13
------------
* Support new iOS 13 compatible broker
Version 1.0.12
------------
* ADAL True MAM CA support
Version 1.0.11
------------
* Apply hotfix 2.7.9 for Mac OS to query WPJ cert using issuers from authentication challenge
Version 1.0.10
------------
* Fixed issue when Facebook sends a dummy fragment and MSAL is not able to read the auth code (#356)
Version 1.0.9
------------
* Return user displayable ID for Intune app protection scenarios
Version 1.0.8
------------
* Don't dispatch authority metadata callback to the main thread
* Changed default teamID to avoid conflicts with other apps
Version 1.0.7
------------
* Fixed a warning in the keychain component
Version 1.0.6
------------
* Client capabilities support
* Send app name and version to ESTS
* Patch TeamID when receiving errSecInteractionNotAllowed
* Separate B2C logic from AAD v2
Version 1.0.5
------------
* Added schema compliance tests and applied a few schema changes (#259)
Version 1.0.4
------------
* Fixed occasional keychain utility crash (#254)
1.0.0-hotfix
------------
* Fixed occasional keychain utility crash (#254)
Version 1.0.3
------------
* Fix for CBA chooser
* Fix clang statis analyzer issues
* Fix WKWebView session cookie share
* Catch errors for embedded webview coming from didFailProvisionalNavigation.
* Fix other minor bugs
Version 1.0.2
------------
* Support for different authority aliases
* Support for sovereign clouds
* Support for claims challenge
* Better resiliency in case of server outages
Version 1.0.1
------------
* Added support for different webviews
* Added support for network requests
Version 1.0.0
------------
* Moved utilities from ADAL to common core
* Implemented common cache for ADAL and MSAL
* Created test utilities