diff --git a/global.json b/global.json
index 66e4a5c8a7..b7bbcb268a 100644
--- a/global.json
+++ b/global.json
@@ -1,6 +1,6 @@
{
"sdk": {
- "version": "8.0.404",
+ "version": "9.0.306",
"rollForward": "latestFeature"
}
}
diff --git a/src/client/Microsoft.Identity.Client/AppConfig/IMsalMtlsHttpClientFactory.cs b/src/client/Microsoft.Identity.Client/AppConfig/IMsalMtlsHttpClientFactory.cs
index be61953d79..151a60e729 100644
--- a/src/client/Microsoft.Identity.Client/AppConfig/IMsalMtlsHttpClientFactory.cs
+++ b/src/client/Microsoft.Identity.Client/AppConfig/IMsalMtlsHttpClientFactory.cs
@@ -7,8 +7,8 @@
namespace Microsoft.Identity.Client
{
///
- /// Internal factory responsible for creating HttpClient instances configured for mutual TLS (MTLS).
- /// This factory is specifically intended for use within the MSAL library for secure communication with Azure AD using MTLS.
+ /// A factory responsible for creating HttpClient instances configured for mutual TLS (MTLS).
+ /// This factory is intended for secure communication with Azure AD using MTLS.
/// For more details on HttpClient instancing, see https://learn.microsoft.com/dotnet/api/system.net.http.httpclient?view=net-7.0#instancing.
///
///
@@ -16,9 +16,9 @@ namespace Microsoft.Identity.Client
/// It is important to reuse HttpClient instances to avoid socket exhaustion.
/// Do not create a new HttpClient for each call to .
/// If your application requires Integrated Windows Authentication, set to true.
- /// This interface is intended for internal use by MSAL only and is designed to support MTLS scenarios.
+ /// This interface is designed to support MTLS scenarios.
///
- internal interface IMsalMtlsHttpClientFactory : IMsalHttpClientFactory
+ public interface IMsalMtlsHttpClientFactory : IMsalHttpClientFactory
{
///
/// Returns an HttpClient configured with a certificate for mutual TLS authentication.
diff --git a/src/client/Microsoft.Identity.Client/AuthenticationResult.cs b/src/client/Microsoft.Identity.Client/AuthenticationResult.cs
index 570fa706b4..c65be5c4d8 100644
--- a/src/client/Microsoft.Identity.Client/AuthenticationResult.cs
+++ b/src/client/Microsoft.Identity.Client/AuthenticationResult.cs
@@ -6,13 +6,14 @@
using System.ComponentModel;
using System.Globalization;
using System.Security.Claims;
+using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
+using Microsoft.Identity.Abstractions;
using Microsoft.Identity.Client.AuthScheme;
using Microsoft.Identity.Client.Cache;
using Microsoft.Identity.Client.Cache.Items;
using Microsoft.Identity.Client.TelemetryCore.Internal.Events;
using Microsoft.Identity.Client.Utils;
-using System.Security.Cryptography.X509Certificates;
namespace Microsoft.Identity.Client
{
@@ -135,7 +136,8 @@ internal AuthenticationResult(
ApiEvent apiEvent,
Account account,
string spaAuthCode,
- IReadOnlyDictionary additionalResponseParameters)
+ IReadOnlyDictionary additionalResponseParameters,
+ X509Certificate2 bindingCertificate = null)
{
_authenticationScheme = authenticationScheme ?? throw new ArgumentNullException(nameof(authenticationScheme));
@@ -198,6 +200,7 @@ internal AuthenticationResult(
AuthenticationResultMetadata.DurationCreatingExtendedTokenInUs = measuredResultDuration.Microseconds;
AuthenticationResultMetadata.TelemetryTokenType = authenticationScheme.TelemetryTokenType;
+ BindingCertificate = bindingCertificate;
}
//Default constructor for testing
@@ -332,9 +335,13 @@ internal AuthenticationResult() { }
/// HttpResponseMessage r = await client.GetAsync(urlOfTheProtectedApi);
///
///
- public string CreateAuthorizationHeader()
+ public AuthorizationHeaderInformation CreateAuthorizationHeader()
{
- return $"{_authenticationScheme?.AuthorizationHeaderPrefix ?? TokenType} {AccessToken}";
+ return new AuthorizationHeaderInformation()
+ {
+ AuthorizationHeaderValue = $"{_authenticationScheme?.AuthorizationHeaderPrefix ?? TokenType} {AccessToken}",
+ BindingCertificate = BindingCertificate
+ };
}
}
}
diff --git a/src/client/Microsoft.Identity.Client/Internal/Requests/RequestBase.cs b/src/client/Microsoft.Identity.Client/Internal/Requests/RequestBase.cs
index 0ac5bd3627..d9d28785f8 100644
--- a/src/client/Microsoft.Identity.Client/Internal/Requests/RequestBase.cs
+++ b/src/client/Microsoft.Identity.Client/Internal/Requests/RequestBase.cs
@@ -348,7 +348,8 @@ protected async Task CacheTokenResponseAndCreateAuthentica
AuthenticationRequestParameters.RequestContext.ApiEvent,
account,
msalTokenResponse.SpaAuthCode,
- msalTokenResponse.CreateExtensionDataStringMap());
+ msalTokenResponse.CreateExtensionDataStringMap(),
+ AuthenticationRequestParameters.AppConfig.ClientCredentialCertificate);
}
protected virtual void ValidateAccountIdentifiers(ClientInfo fromServer)
diff --git a/src/client/Microsoft.Identity.Client/Microsoft.Identity.Client.csproj b/src/client/Microsoft.Identity.Client/Microsoft.Identity.Client.csproj
index 2fbcd27067..03c7f480b7 100644
--- a/src/client/Microsoft.Identity.Client/Microsoft.Identity.Client.csproj
+++ b/src/client/Microsoft.Identity.Client/Microsoft.Identity.Client.csproj
@@ -150,8 +150,10 @@
+
+
diff --git a/src/client/Microsoft.Identity.Client/PlatformsCommon/Shared/AbstractPlatformProxy.cs b/src/client/Microsoft.Identity.Client/PlatformsCommon/Shared/AbstractPlatformProxy.cs
index 8f2301896c..4c18c8c760 100644
--- a/src/client/Microsoft.Identity.Client/PlatformsCommon/Shared/AbstractPlatformProxy.cs
+++ b/src/client/Microsoft.Identity.Client/PlatformsCommon/Shared/AbstractPlatformProxy.cs
@@ -226,7 +226,7 @@ public virtual IDeviceAuthManager CreateDeviceAuthManager()
public virtual IMsalHttpClientFactory CreateDefaultHttpClientFactory()
{
- return new SimpleHttpClientFactory();
+ return new SecureHttpClientFactory();
}
///
diff --git a/src/client/Microsoft.Identity.Client/PlatformsCommon/Shared/SimpleHttpClientFactory.cs b/src/client/Microsoft.Identity.Client/PlatformsCommon/Shared/SecureHttpClientFactory.cs
similarity index 85%
rename from src/client/Microsoft.Identity.Client/PlatformsCommon/Shared/SimpleHttpClientFactory.cs
rename to src/client/Microsoft.Identity.Client/PlatformsCommon/Shared/SecureHttpClientFactory.cs
index 0e0b3c9b6f..1ab9ca6326 100644
--- a/src/client/Microsoft.Identity.Client/PlatformsCommon/Shared/SimpleHttpClientFactory.cs
+++ b/src/client/Microsoft.Identity.Client/PlatformsCommon/Shared/SecureHttpClientFactory.cs
@@ -12,13 +12,14 @@
namespace Microsoft.Identity.Client.PlatformsCommon.Shared
{
///
- /// A simple implementation of the HttpClient factory that uses a managed HttpClientHandler
+ /// An implementation of the HttpClient factory that uses a managed HttpClientHandler.
+ /// This factory is intended to be used by MTLS scenarios or where server certificate validation is required.
///
///
/// .NET should use the IHttpClientFactory, but MSAL cannot take a dependency on it.
/// .NET should use SocketHandler, but UseDefaultCredentials doesn't work with it
///
- internal class SimpleHttpClientFactory : IMsalMtlsHttpClientFactory, IMsalSFHttpClientFactory
+ public class SecureHttpClientFactory : IMsalMtlsHttpClientFactory, IMsalSFHttpClientFactory
{
//Please see (https://aka.ms/msal-httpclient-info) for important information regarding the HttpClient.
private static readonly ConcurrentDictionary s_httpClientPool = new ConcurrentDictionary();
@@ -61,11 +62,20 @@ private static HttpClient CreateMtlsHttpClient(X509Certificate2 bindingCertifica
#endif
}
+ ///
+ ///
+ ///
+ ///
public HttpClient GetHttpClient()
{
return s_httpClientPool.GetOrAdd("non_mtls", CreateHttpClient());
}
+ ///
+ ///
+ ///
+ ///
+ ///
public HttpClient GetHttpClient(X509Certificate2 x509Certificate2)
{
if (x509Certificate2 == null)
@@ -88,6 +98,11 @@ private static void CheckAndManageCache()
}
}
+ ///
+ ///
+ ///
+ ///
+ ///
// This method is used for Service Fabric scenarios where a custom server certificate validation callback is required.
// It allows the caller to provide a custom HttpClientHandler with the callback.
// The server cert rotates so we need a new HttpClient for each call.
diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Shipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Shipped.txt
index 2e6eb10643..a6578bc816 100644
--- a/src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Shipped.txt
+++ b/src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Shipped.txt
@@ -335,7 +335,6 @@ Microsoft.Identity.Client.AuthenticationResult.AuthenticationResult(string acces
Microsoft.Identity.Client.AuthenticationResult.AuthenticationResultMetadata.get -> Microsoft.Identity.Client.AuthenticationResultMetadata
Microsoft.Identity.Client.AuthenticationResult.ClaimsPrincipal.get -> System.Security.Claims.ClaimsPrincipal
Microsoft.Identity.Client.AuthenticationResult.CorrelationId.get -> System.Guid
-Microsoft.Identity.Client.AuthenticationResult.CreateAuthorizationHeader() -> string
Microsoft.Identity.Client.AuthenticationResult.ExpiresOn.get -> System.DateTimeOffset
Microsoft.Identity.Client.AuthenticationResult.ExtendedExpiresOn.get -> System.DateTimeOffset
Microsoft.Identity.Client.AuthenticationResult.IdToken.get -> string
diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Unshipped.txt
index e69de29bb2..b68ce36b68 100644
--- a/src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Unshipped.txt
+++ b/src/client/Microsoft.Identity.Client/PublicApi/net462/PublicAPI.Unshipped.txt
@@ -0,0 +1,8 @@
+Microsoft.Identity.Client.AuthenticationResult.CreateAuthorizationHeader() -> Microsoft.Identity.Abstractions.AuthorizationHeaderInformation
+Microsoft.Identity.Client.IMsalMtlsHttpClientFactory
+Microsoft.Identity.Client.IMsalMtlsHttpClientFactory.GetHttpClient(System.Security.Cryptography.X509Certificates.X509Certificate2 x509Certificate2) -> System.Net.Http.HttpClient
+Microsoft.Identity.Client.PlatformsCommon.Shared.SecureHttpClientFactory
+Microsoft.Identity.Client.PlatformsCommon.Shared.SecureHttpClientFactory.GetHttpClient() -> System.Net.Http.HttpClient
+Microsoft.Identity.Client.PlatformsCommon.Shared.SecureHttpClientFactory.GetHttpClient(System.Func validateServerCert) -> System.Net.Http.HttpClient
+Microsoft.Identity.Client.PlatformsCommon.Shared.SecureHttpClientFactory.GetHttpClient(System.Security.Cryptography.X509Certificates.X509Certificate2 x509Certificate2) -> System.Net.Http.HttpClient
+Microsoft.Identity.Client.PlatformsCommon.Shared.SecureHttpClientFactory.SecureHttpClientFactory() -> void
\ No newline at end of file
diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Shipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Shipped.txt
index 2e6eb10643..a6578bc816 100644
--- a/src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Shipped.txt
+++ b/src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Shipped.txt
@@ -335,7 +335,6 @@ Microsoft.Identity.Client.AuthenticationResult.AuthenticationResult(string acces
Microsoft.Identity.Client.AuthenticationResult.AuthenticationResultMetadata.get -> Microsoft.Identity.Client.AuthenticationResultMetadata
Microsoft.Identity.Client.AuthenticationResult.ClaimsPrincipal.get -> System.Security.Claims.ClaimsPrincipal
Microsoft.Identity.Client.AuthenticationResult.CorrelationId.get -> System.Guid
-Microsoft.Identity.Client.AuthenticationResult.CreateAuthorizationHeader() -> string
Microsoft.Identity.Client.AuthenticationResult.ExpiresOn.get -> System.DateTimeOffset
Microsoft.Identity.Client.AuthenticationResult.ExtendedExpiresOn.get -> System.DateTimeOffset
Microsoft.Identity.Client.AuthenticationResult.IdToken.get -> string
diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Unshipped.txt
index e69de29bb2..b68ce36b68 100644
--- a/src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Unshipped.txt
+++ b/src/client/Microsoft.Identity.Client/PublicApi/net472/PublicAPI.Unshipped.txt
@@ -0,0 +1,8 @@
+Microsoft.Identity.Client.AuthenticationResult.CreateAuthorizationHeader() -> Microsoft.Identity.Abstractions.AuthorizationHeaderInformation
+Microsoft.Identity.Client.IMsalMtlsHttpClientFactory
+Microsoft.Identity.Client.IMsalMtlsHttpClientFactory.GetHttpClient(System.Security.Cryptography.X509Certificates.X509Certificate2 x509Certificate2) -> System.Net.Http.HttpClient
+Microsoft.Identity.Client.PlatformsCommon.Shared.SecureHttpClientFactory
+Microsoft.Identity.Client.PlatformsCommon.Shared.SecureHttpClientFactory.GetHttpClient() -> System.Net.Http.HttpClient
+Microsoft.Identity.Client.PlatformsCommon.Shared.SecureHttpClientFactory.GetHttpClient(System.Func validateServerCert) -> System.Net.Http.HttpClient
+Microsoft.Identity.Client.PlatformsCommon.Shared.SecureHttpClientFactory.GetHttpClient(System.Security.Cryptography.X509Certificates.X509Certificate2 x509Certificate2) -> System.Net.Http.HttpClient
+Microsoft.Identity.Client.PlatformsCommon.Shared.SecureHttpClientFactory.SecureHttpClientFactory() -> void
\ No newline at end of file
diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Shipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Shipped.txt
index 8ea59f58d6..fe49e60927 100644
--- a/src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Shipped.txt
+++ b/src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Shipped.txt
@@ -336,7 +336,6 @@ Microsoft.Identity.Client.AuthenticationResult.AuthenticationResult(string acces
Microsoft.Identity.Client.AuthenticationResult.AuthenticationResultMetadata.get -> Microsoft.Identity.Client.AuthenticationResultMetadata
Microsoft.Identity.Client.AuthenticationResult.ClaimsPrincipal.get -> System.Security.Claims.ClaimsPrincipal
Microsoft.Identity.Client.AuthenticationResult.CorrelationId.get -> System.Guid
-Microsoft.Identity.Client.AuthenticationResult.CreateAuthorizationHeader() -> string
Microsoft.Identity.Client.AuthenticationResult.ExpiresOn.get -> System.DateTimeOffset
Microsoft.Identity.Client.AuthenticationResult.ExtendedExpiresOn.get -> System.DateTimeOffset
Microsoft.Identity.Client.AuthenticationResult.IdToken.get -> string
diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Unshipped.txt
index e69de29bb2..252373e25b 100644
--- a/src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Unshipped.txt
+++ b/src/client/Microsoft.Identity.Client/PublicApi/net8.0-android/PublicAPI.Unshipped.txt
@@ -0,0 +1 @@
+Microsoft.Identity.Client.AuthenticationResult.CreateAuthorizationHeader() -> Microsoft.Identity.Abstractions.AuthorizationHeaderInformation
diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Shipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Shipped.txt
index 9917a66b22..ee693037e1 100644
--- a/src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Shipped.txt
+++ b/src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Shipped.txt
@@ -340,7 +340,6 @@ Microsoft.Identity.Client.AuthenticationResult.AuthenticationResult(string acces
Microsoft.Identity.Client.AuthenticationResult.AuthenticationResultMetadata.get -> Microsoft.Identity.Client.AuthenticationResultMetadata
Microsoft.Identity.Client.AuthenticationResult.ClaimsPrincipal.get -> System.Security.Claims.ClaimsPrincipal
Microsoft.Identity.Client.AuthenticationResult.CorrelationId.get -> System.Guid
-Microsoft.Identity.Client.AuthenticationResult.CreateAuthorizationHeader() -> string
Microsoft.Identity.Client.AuthenticationResult.ExpiresOn.get -> System.DateTimeOffset
Microsoft.Identity.Client.AuthenticationResult.ExtendedExpiresOn.get -> System.DateTimeOffset
Microsoft.Identity.Client.AuthenticationResult.IdToken.get -> string
diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Unshipped.txt
index e69de29bb2..252373e25b 100644
--- a/src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Unshipped.txt
+++ b/src/client/Microsoft.Identity.Client/PublicApi/net8.0-ios/PublicAPI.Unshipped.txt
@@ -0,0 +1 @@
+Microsoft.Identity.Client.AuthenticationResult.CreateAuthorizationHeader() -> Microsoft.Identity.Abstractions.AuthorizationHeaderInformation
diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Shipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Shipped.txt
index f4c37d50d8..541b3ce052 100644
--- a/src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Shipped.txt
+++ b/src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Shipped.txt
@@ -332,7 +332,6 @@ Microsoft.Identity.Client.AuthenticationResult.AuthenticationResult(string acces
Microsoft.Identity.Client.AuthenticationResult.AuthenticationResultMetadata.get -> Microsoft.Identity.Client.AuthenticationResultMetadata
Microsoft.Identity.Client.AuthenticationResult.ClaimsPrincipal.get -> System.Security.Claims.ClaimsPrincipal
Microsoft.Identity.Client.AuthenticationResult.CorrelationId.get -> System.Guid
-Microsoft.Identity.Client.AuthenticationResult.CreateAuthorizationHeader() -> string
Microsoft.Identity.Client.AuthenticationResult.ExpiresOn.get -> System.DateTimeOffset
Microsoft.Identity.Client.AuthenticationResult.ExtendedExpiresOn.get -> System.DateTimeOffset
Microsoft.Identity.Client.AuthenticationResult.IdToken.get -> string
diff --git a/src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Unshipped.txt
index e69de29bb2..b68ce36b68 100644
--- a/src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Unshipped.txt
+++ b/src/client/Microsoft.Identity.Client/PublicApi/net8.0/PublicAPI.Unshipped.txt
@@ -0,0 +1,8 @@
+Microsoft.Identity.Client.AuthenticationResult.CreateAuthorizationHeader() -> Microsoft.Identity.Abstractions.AuthorizationHeaderInformation
+Microsoft.Identity.Client.IMsalMtlsHttpClientFactory
+Microsoft.Identity.Client.IMsalMtlsHttpClientFactory.GetHttpClient(System.Security.Cryptography.X509Certificates.X509Certificate2 x509Certificate2) -> System.Net.Http.HttpClient
+Microsoft.Identity.Client.PlatformsCommon.Shared.SecureHttpClientFactory
+Microsoft.Identity.Client.PlatformsCommon.Shared.SecureHttpClientFactory.GetHttpClient() -> System.Net.Http.HttpClient
+Microsoft.Identity.Client.PlatformsCommon.Shared.SecureHttpClientFactory.GetHttpClient(System.Func validateServerCert) -> System.Net.Http.HttpClient
+Microsoft.Identity.Client.PlatformsCommon.Shared.SecureHttpClientFactory.GetHttpClient(System.Security.Cryptography.X509Certificates.X509Certificate2 x509Certificate2) -> System.Net.Http.HttpClient
+Microsoft.Identity.Client.PlatformsCommon.Shared.SecureHttpClientFactory.SecureHttpClientFactory() -> void
\ No newline at end of file
diff --git a/src/client/Microsoft.Identity.Client/PublicApi/netstandard2.0/PublicAPI.Shipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/netstandard2.0/PublicAPI.Shipped.txt
index d4f2d8f113..7834dab5ff 100644
--- a/src/client/Microsoft.Identity.Client/PublicApi/netstandard2.0/PublicAPI.Shipped.txt
+++ b/src/client/Microsoft.Identity.Client/PublicApi/netstandard2.0/PublicAPI.Shipped.txt
@@ -332,7 +332,6 @@ Microsoft.Identity.Client.AuthenticationResult.AuthenticationResult(string acces
Microsoft.Identity.Client.AuthenticationResult.AuthenticationResultMetadata.get -> Microsoft.Identity.Client.AuthenticationResultMetadata
Microsoft.Identity.Client.AuthenticationResult.ClaimsPrincipal.get -> System.Security.Claims.ClaimsPrincipal
Microsoft.Identity.Client.AuthenticationResult.CorrelationId.get -> System.Guid
-Microsoft.Identity.Client.AuthenticationResult.CreateAuthorizationHeader() -> string
Microsoft.Identity.Client.AuthenticationResult.ExpiresOn.get -> System.DateTimeOffset
Microsoft.Identity.Client.AuthenticationResult.ExtendedExpiresOn.get -> System.DateTimeOffset
Microsoft.Identity.Client.AuthenticationResult.IdToken.get -> string
diff --git a/src/client/Microsoft.Identity.Client/PublicApi/netstandard2.0/PublicAPI.Unshipped.txt b/src/client/Microsoft.Identity.Client/PublicApi/netstandard2.0/PublicAPI.Unshipped.txt
index e69de29bb2..b68ce36b68 100644
--- a/src/client/Microsoft.Identity.Client/PublicApi/netstandard2.0/PublicAPI.Unshipped.txt
+++ b/src/client/Microsoft.Identity.Client/PublicApi/netstandard2.0/PublicAPI.Unshipped.txt
@@ -0,0 +1,8 @@
+Microsoft.Identity.Client.AuthenticationResult.CreateAuthorizationHeader() -> Microsoft.Identity.Abstractions.AuthorizationHeaderInformation
+Microsoft.Identity.Client.IMsalMtlsHttpClientFactory
+Microsoft.Identity.Client.IMsalMtlsHttpClientFactory.GetHttpClient(System.Security.Cryptography.X509Certificates.X509Certificate2 x509Certificate2) -> System.Net.Http.HttpClient
+Microsoft.Identity.Client.PlatformsCommon.Shared.SecureHttpClientFactory
+Microsoft.Identity.Client.PlatformsCommon.Shared.SecureHttpClientFactory.GetHttpClient() -> System.Net.Http.HttpClient
+Microsoft.Identity.Client.PlatformsCommon.Shared.SecureHttpClientFactory.GetHttpClient(System.Func validateServerCert) -> System.Net.Http.HttpClient
+Microsoft.Identity.Client.PlatformsCommon.Shared.SecureHttpClientFactory.GetHttpClient(System.Security.Cryptography.X509Certificates.X509Certificate2 x509Certificate2) -> System.Net.Http.HttpClient
+Microsoft.Identity.Client.PlatformsCommon.Shared.SecureHttpClientFactory.SecureHttpClientFactory() -> void
\ No newline at end of file