Update files for Microsoft Identity Web 4.0.0 release (#3498)

* Initial plan

* Update files for 4.0.0 release: changelog and version properties

Co-authored-by: jennyf19 <19942418+jennyf19@users.noreply.github.com>

* Remove reference to PR #3481 from changelog as requested

Co-authored-by: keegan-caruso <54109988+keegan-caruso@users.noreply.github.com>

* Address review feedback: update breaking changes and remove unmerged PR references, generate API compatibility files

Co-authored-by: keegan-caruso <54109988+keegan-caruso@users.noreply.github.com>

* Update changelog for version 4.0.0

Update the changelog

* Update changelog.md

* Update Directory.Build.props

* Fixing class mismatch

* Fixing build errors

* Update Directory.Build.props

Co-authored-by: Keegan <Keegan.Caruso@microsoft.com>

* Update changelog.md

Co-authored-by: Keegan <Keegan.Caruso@microsoft.com>

* Apply suggestion from @jmprieur

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: jennyf19 <19942418+jennyf19@users.noreply.github.com>
Co-authored-by: keegan-caruso <54109988+keegan-caruso@users.noreply.github.com>
Co-authored-by: Jean-Marc Prieur <jmprieur@microsoft.com>
Co-authored-by: Keegan <Keegan.Caruso@microsoft.com>

Author: 4 people

Directory.Build.props

@@ -2,12 +2,12 @@
   <PropertyGroup>
     <!--This should be passed from the VSTS build-->
     <!-- This needs to be greater than or equal to the validation baseline version -->
-    <MicrosoftIdentityWebVersion Condition="'$(MicrosoftIdentityWebVersion)' == ''">3.14.1</MicrosoftIdentityWebVersion>
+    <MicrosoftIdentityWebVersion Condition="'$(MicrosoftIdentityWebVersion)' == ''">4.0.0</MicrosoftIdentityWebVersion>
     <!--This will generate AssemblyVersion, AssemblyFileVersion and AssemblyInformationVersion-->
     <Version>$(MicrosoftIdentityWebVersion)</Version>
 
     <EnablePackageValidation>true</EnablePackageValidation>
-    <PackageValidationBaselineVersion>2.7.0</PackageValidationBaselineVersion>
+    <PackageValidationBaselineVersion>3.14.1</PackageValidationBaselineVersion>
 
     <AssemblyOriginatorKeyFile>$(MSBuildThisFileDirectory)\build\35MSSharedLib1024.snk</AssemblyOriginatorKeyFile>
     <RepositoryType>git</RepositoryType>
@@ -82,8 +82,8 @@
 
   <PropertyGroup Label="Common dependency versions">
     <MicrosoftIdentityModelVersion Condition="'$(MicrosoftIdentityModelVersion)' == ''">8.14.0</MicrosoftIdentityModelVersion>
-    <MicrosoftIdentityClientVersion Condition="'$(MicrosoftIdentityClientVersion)' == ''">4.77.0</MicrosoftIdentityClientVersion>
-    <MicrosoftIdentityAbstractionsVersion Condition="'$(MicrosoftIdentityAbstractionsVersion)' == ''">9.4.0</MicrosoftIdentityAbstractionsVersion>
+    <MicrosoftIdentityClientVersion Condition="'$(MicrosoftIdentityClientVersion)' == ''">4.77.1</MicrosoftIdentityClientVersion>
+    <MicrosoftIdentityAbstractionsVersion Condition="'$(MicrosoftIdentityAbstractionsVersion)' == ''">9.5.0</MicrosoftIdentityAbstractionsVersion>
     <FxCopAnalyzersVersion>3.3.0</FxCopAnalyzersVersion>
     <SystemTextEncodingsWebVersion>4.7.2</SystemTextEncodingsWebVersion>
     <AzureSecurityKeyVaultSecretsVersion>4.6.0</AzureSecurityKeyVaultSecretsVersion>

changelog.md

@@ -1,3 +1,22 @@
+4.0.0
+=========
+### Breaking Changes
+**Removed support for .NET 6.0 and .NET 7.0** - Microsoft Identity Web 4.0.0 no longer targets .NET 6.0 and .NET 7.0, following Microsoft's support lifecycle. The supported target frameworks are now .NET 8.0, .NET 9.0, .NET Framework 4.6.2, .NET Framework 4.7.2, and .NET Standard 2.0.
+
+### New features
+- Various improvements to performance logging, authentication, and credential loading capabilities.
+- Bumped MSAL.NET to 4.77.1
+- Added credential description extensibility. For details, see [#3487](https://github.com/AzureAD/microsoft-identity-web/pull/3487)
+- Added a new CerticateObserverAction type: SuccessfullyUsed. See [#3505](https://github.com/AzureAD/microsoft-identity-web/pull/3505)
+- Add specification of OID (in addition to upn) for Agent User Identity. See [#3513](https://github.com/AzureAD/microsoft-identity-web/pull/3513)
+
+### Fundamentals
+- Various improvements to .NET support and dependency optimizations.
+- Added doc for Agent identities. See [Agent identities](src/Microsoft.Identity.Web.AgentIdentities/README.AgentIdentities.md)
+- Combined and fixed test collections. See [#3472](https://github.com/AzureAD/microsoft-identity-web/pull/3472)
+- Migrate repository agent rules from .clinerules to agents.md. See [#3475](https://github.com/AzureAD/microsoft-identity-web/pull/3475)
+- Add .NET 6.x setup step to dotnetcore.yml workflow, as the default build agents don't have it any longer. See [#3489](https://github.com/AzureAD/microsoft-identity-web/pull/3489)
+
 3.14.1
 =======
 ##  Bug fix

src/Microsoft.Identity.Web.Certificate/CompatibilitySuppressions.xml

@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- https://learn.microsoft.com/dotnet/fundamentals/package-validation/diagnostic-ids -->
+<Suppressions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
+  <Suppression>
+    <DiagnosticId>CP0008</DiagnosticId>
+    <Target>T:Microsoft.Identity.Web.CertificateSource</Target>
+    <Left>lib/net6.0/Microsoft.Identity.Web.Certificate.dll</Left>
+    <Right>lib/netstandard2.0/Microsoft.Identity.Web.Certificate.dll</Right>
+    <IsBaselineSuppression>true</IsBaselineSuppression>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0008</DiagnosticId>
+    <Target>T:Microsoft.Identity.Web.CertificateSource</Target>
+    <Left>lib/net7.0/Microsoft.Identity.Web.Certificate.dll</Left>
+    <Right>lib/netstandard2.0/Microsoft.Identity.Web.Certificate.dll</Right>
+    <IsBaselineSuppression>true</IsBaselineSuppression>
+  </Suppression>
+</Suppressions>

src/Microsoft.Identity.Web.Sidecar/Endpoints/AuthorizationHeaderEndpoint.cs

@@ -47,7 +47,7 @@ public static void AddAuthorizationHeaderRequestEndpoints(this WebApplication ap
                 "Repeat parameters like 'optionsOverride.Scopes' to add multiple scopes.");
     }
 
-    private static async Task<Results<Ok<AuthorizationHeaderResult>, ProblemHttpResult>> AuthorizationHeaderAsync(
+    private static async Task<Results<Ok<Models.AuthorizationHeaderResult>, ProblemHttpResult>> AuthorizationHeaderAsync(
         HttpContext httpContext,
         [Description("The downstream API to acquire an authorization header for.")]
         [FromRoute]
@@ -114,6 +114,6 @@ private static async Task<Results<Ok<AuthorizationHeaderResult>, ProblemHttpResu
                 statusCode: StatusCodes.Status500InternalServerError);
         }
 
-        return TypedResults.Ok(new AuthorizationHeaderResult(authorizationHeader));
+        return TypedResults.Ok(new Models.AuthorizationHeaderResult(authorizationHeader));
     }
 }

src/Microsoft.Identity.Web.TokenAcquisition/CompatibilitySuppressions.xml

@@ -1,40 +1,46 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!-- https://learn.microsoft.com/dotnet/fundamentals/package-validation/diagnostic-ids -->
-<Suppressions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
-  <Suppression>
-    <DiagnosticId>CP0001</DiagnosticId>
-    <Target>T:Microsoft.Identity.Web.OpenIdConnectOptions</Target>
-    <Left>lib/netstandard2.0/Microsoft.Identity.Web.TokenAcquisition.dll</Left>
-    <Right>lib/net8.0/Microsoft.Identity.Web.TokenAcquisition.dll</Right>
-  </Suppression>
-  <Suppression>
-    <DiagnosticId>CP0002</DiagnosticId>
-    <Target>M:Microsoft.Identity.Web.MicrosoftIdentityOptions.get_ErrorPath</Target>
-    <Left>lib/netstandard2.0/Microsoft.Identity.Web.TokenAcquisition.dll</Left>
-    <Right>lib/net8.0/Microsoft.Identity.Web.TokenAcquisition.dll</Right>
-  </Suppression>
-  <Suppression>
-    <DiagnosticId>CP0002</DiagnosticId>
-    <Target>M:Microsoft.Identity.Web.MicrosoftIdentityOptions.get_ResetPasswordPath</Target>
-    <Left>lib/netstandard2.0/Microsoft.Identity.Web.TokenAcquisition.dll</Left>
-    <Right>lib/net8.0/Microsoft.Identity.Web.TokenAcquisition.dll</Right>
-  </Suppression>
-  <Suppression>
-    <DiagnosticId>CP0006</DiagnosticId>
-    <Target>M:Microsoft.Identity.Web.ITokenAcquisition.ReplyForbiddenWithWwwAuthenticateHeader(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.MsalUiRequiredException,System.String,Microsoft.AspNetCore.Http.HttpResponse)</Target>
-    <Left>lib/netstandard2.0/Microsoft.Identity.Web.TokenAcquisition.dll</Left>
-    <Right>lib/net8.0/Microsoft.Identity.Web.TokenAcquisition.dll</Right>
-  </Suppression>
-  <Suppression>
-    <DiagnosticId>CP0006</DiagnosticId>
-    <Target>M:Microsoft.Identity.Web.ITokenAcquisition.ReplyForbiddenWithWwwAuthenticateHeaderAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.MsalUiRequiredException,Microsoft.AspNetCore.Http.HttpResponse)</Target>
-    <Left>lib/netstandard2.0/Microsoft.Identity.Web.TokenAcquisition.dll</Left>
-    <Right>lib/net8.0/Microsoft.Identity.Web.TokenAcquisition.dll</Right>
-  </Suppression>
-  <Suppression>
-    <DiagnosticId>CP0007</DiagnosticId>
-    <Target>T:Microsoft.Identity.Web.MicrosoftIdentityOptions</Target>
-    <Left>lib/netstandard2.0/Microsoft.Identity.Web.TokenAcquisition.dll</Left>
-    <Right>lib/net8.0/Microsoft.Identity.Web.TokenAcquisition.dll</Right>
-  </Suppression>
+<?xml version="1.0" encoding="utf-8"?>
+<!-- https://learn.microsoft.com/dotnet/fundamentals/package-validation/diagnostic-ids -->
+<Suppressions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
+  <Suppression>
+    <DiagnosticId>CP0001</DiagnosticId>
+    <Target>T:Microsoft.Identity.Web.OpenIdConnectOptions</Target>
+    <Left>lib/netstandard2.0/Microsoft.Identity.Web.TokenAcquisition.dll</Left>
+    <Right>lib/net8.0/Microsoft.Identity.Web.TokenAcquisition.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0002</DiagnosticId>
+    <Target>M:Microsoft.Identity.Web.MicrosoftIdentityAuthenticationException.#ctor(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext)</Target>
+    <Left>lib/netstandard2.0/Microsoft.Identity.Web.TokenAcquisition.dll</Left>
+    <Right>lib/net8.0/Microsoft.Identity.Web.TokenAcquisition.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0002</DiagnosticId>
+    <Target>M:Microsoft.Identity.Web.MicrosoftIdentityOptions.get_ErrorPath</Target>
+    <Left>lib/netstandard2.0/Microsoft.Identity.Web.TokenAcquisition.dll</Left>
+    <Right>lib/net8.0/Microsoft.Identity.Web.TokenAcquisition.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0002</DiagnosticId>
+    <Target>M:Microsoft.Identity.Web.MicrosoftIdentityOptions.get_ResetPasswordPath</Target>
+    <Left>lib/netstandard2.0/Microsoft.Identity.Web.TokenAcquisition.dll</Left>
+    <Right>lib/net8.0/Microsoft.Identity.Web.TokenAcquisition.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0006</DiagnosticId>
+    <Target>M:Microsoft.Identity.Web.ITokenAcquisition.ReplyForbiddenWithWwwAuthenticateHeader(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.MsalUiRequiredException,System.String,Microsoft.AspNetCore.Http.HttpResponse)</Target>
+    <Left>lib/netstandard2.0/Microsoft.Identity.Web.TokenAcquisition.dll</Left>
+    <Right>lib/net8.0/Microsoft.Identity.Web.TokenAcquisition.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0006</DiagnosticId>
+    <Target>M:Microsoft.Identity.Web.ITokenAcquisition.ReplyForbiddenWithWwwAuthenticateHeaderAsync(System.Collections.Generic.IEnumerable{System.String},Microsoft.Identity.Client.MsalUiRequiredException,Microsoft.AspNetCore.Http.HttpResponse)</Target>
+    <Left>lib/netstandard2.0/Microsoft.Identity.Web.TokenAcquisition.dll</Left>
+    <Right>lib/net8.0/Microsoft.Identity.Web.TokenAcquisition.dll</Right>
+  </Suppression>
+  <Suppression>
+    <DiagnosticId>CP0007</DiagnosticId>
+    <Target>T:Microsoft.Identity.Web.MicrosoftIdentityOptions</Target>
+    <Left>lib/netstandard2.0/Microsoft.Identity.Web.TokenAcquisition.dll</Left>
+    <Right>lib/net8.0/Microsoft.Identity.Web.TokenAcquisition.dll</Right>
+  </Suppression>
 </Suppressions>

tests/E2E Tests/Sidecar.Tests/MockedEndToEndTests.cs

@@ -62,7 +62,7 @@ public async Task MockedAuthorizationFlow_WithValidConfiguration_ReturnsAuthoriz
         }
 
         Assert.Equal(HttpStatusCode.OK, response.StatusCode);
-        var result = JsonSerializer.Deserialize<AuthorizationHeaderResult>(content, new JsonSerializerOptions { PropertyNameCaseInsensitive = true });
+        var result = JsonSerializer.Deserialize<Microsoft.Identity.Web.Sidecar.Models.AuthorizationHeaderResult>(content, new JsonSerializerOptions { PropertyNameCaseInsensitive = true });
         Assert.NotNull(result);
         Assert.Equal(expectedAuthHeader, result.AuthorizationHeader);
     }

tests/E2E Tests/Sidecar.Tests/SidecarEndpointsE2ETests.cs

@@ -133,7 +133,7 @@ public async Task GetAuthorizationHeaderForAgentUserIdentityUnauthenticated_With
 
         Assert.True(result.IsSuccessStatusCode);
 
-        var response = await result.Content.ReadFromJsonAsync<AuthorizationHeaderResult>();
+        var response = await result.Content.ReadFromJsonAsync<Microsoft.Identity.Web.Sidecar.Models.AuthorizationHeaderResult>();
 
         Assert.NotNull(response?.AuthorizationHeader);
         Assert.StartsWith("Bearer ey", response.AuthorizationHeader, StringComparison.Ordinal);