1.6.0

• Avoid sending RT to wrong cloud (#892)
• Added logic to handle links that should open in new window in embedded webView.
• Fix code in kDF function. Add test cases
• Enabled various warnings (which we were mostly compliant with) (#814)
• Added client-side fix for the known ADFS PKeyAuth issue. (#890)

1.5.9

• Fix for filtering access tokens by claims
• Revert PkeyAuth user-agent change
• Use Xcode 12 for CI checks

1.5.8

• Return private key attributes on key pair generation.
• Update RSA signing code and add conditional check for supported iOS/osx platforms.
• Enabled PKeyAuth via UserAgent String on MacOS
• Added an API for both iOS and MacOS for returning a WKWebView config setting with default recommended settings for developers.
• Add missing functionality to MSIDAssymetricKeyPair to match Djinni Interface
• Update changelogs.txt pipeline check

1.5.7

New Features:

• Add requested_claims to access tokens in cache for MSAL CPP (#840)

1.5.6

New features:

• Support forgetting cached account (#830)
• Indicate whether SSO extension account is available for device wide SSO (#825)

Bug fixes:

• Ignore duplicate certificate authentication challenge in system webview.
• Limit telemetry archive size on disk, and save unserialized telemetry (#837)
• Normalize home account id in cache lookups #839
• Append 'PkeyAuth/1.0' keyword to the User Agent String to reliably advertise PkeyAuth capability to ADFS

Engineering changes:

• Enabling XCODE 11.4 recommended settings by default per customer request.
• Move correlationId to MSIDBaseBrokerOperationRequest
• Support bypassing redirectUri validation also on macOS
• Add swift static lib target to support AES GCM.
• Add a flag to disable logger queue.
• Fix un-reliable test case using swizzle

1.5.5

New features:

• Save last request telemetry to disk (#768)
• Save PRT expiry interval in cache to calculate PRT refresh interval more reliably (#804)
• Mark RSA public key as extractable (#813)

Fixes:

• Fix unused parameter errors for macOS target. (#816)
• Cleanup noisy SSO extension logs (#812)
• Fix a test bug where the MacKeychainTokenCache could fail to initialize (#799)
• Include redirect uri in body when redeeming refresh token at token endpoint (#815)

Engineering changes:

• Refactor crypto code for cpp integration and add api to generate ephemeral asymmetric key pair (#803)
• Add operation factory for broker installation integration with other framework (#779)
• Add logger connector which allows to override logger behaviour. (#796)
• Move openBroswerResponse handling into its operation for CPP integration (#817)
• Move broker redirectUri validation logic into common core from MSAL (#807)
• Fix an incorrectly-cased filename (#808)
• Cleanup main product targets from test files (#811)

1.5.4

• Support for proof of posession for access tokens (#738)
• Allow brokered authentication for /consumers authority (#774)
• Account metadata cleanup on account removal (#791)
• Fix an issue with guest accounts when UPN mismatches across tenants (#797)

1.5.3

• Switch to PkeyAuth on macOS (#734)
• Support returning additional WPJ info (#742)
• Fixed PkeyAuth when ADFS challenge is URL encoded (#750)
• Fixed CBA handling in MSAL (#751)
• Fixed failing unit tests on 10.15 (#760)

1.5.2

• Fix handling of cert based authentication challenge.(#756)

1.5.1

• Support client side telemetry in ESTS requests (#740, #732, #712)
• Add logging for enrollment id mismatch for access tokens (#743)
• Fix signout state caching in account metadata (#736)
• Change unit test constants to use a GUID for home account (#733)
• Support clearing SSO extension cookies (#726)
• Protect legacy macOS cache when MSAL writes into ADAL cache (#729)
• Fix NTLM crash when window is not key (#724)
• Fixed authority validation for developer known authorities (#722)