|
1 | 1 | # Release History |
2 | 2 |
|
3 | | -## 2.0.0-beta.1 (Unreleased) |
4 | | - |
5 | | -This release continues with the changes from `1.2.4` and `1.2.4-beta.1`. |
6 | | - |
7 | | -- The `getToken` methods will now never return `null`. If a token is not available, we will return a rejected promise. |
8 | | -- `DefaultAzureCredential`'s implementation for browsers was simplified to throw a simple error instead of trying credentials that were already not supported for the browser. |
9 | | -- Breaking Change: `InteractiveBrowserCredential` for the browser now requires the client ID to be provided. |
10 | | -- Documentation was added to elaborate on how to configure an AAD application to support `InteractiveBrowserCredential`. |
11 | | -- Replaced the use of the 'express' module with a Node-native http server, shrinking the resulting identity module considerably |
12 | | -- Updated `@azure/msal-node-extensions` to [1.0.0-alpha.6](https://www.npmjs.com/package/@azure/msal-node-extensions/v/1.0.0-alpha.6). |
13 | | -- Refactored our use of MSAL to better centralize the handling of inputs, outputs and errors. |
14 | | -- Migrated the `InteractiveBrowserCredential`, `DeviceCodeCredential`, `ClientSecretCredential`, `ClientCertificateCredential` and `UsernamePasswordCredential` to the latest MSAL. |
15 | | - - This update improves caching of tokens, significantly reducing the number of network requests. |
16 | | -- Credentials `InteractiveBrowserCredential`, `DeviceCodeCredential` and `UsernamePasswordCredential` now can: |
17 | | - - Receive a `tokenCachePersistenceOptions` parameter to specify persitence caching of the credentials used to authenticate. This feature uses DPAPI on Windows, it tries to use the Keychain on OSX and the Keyring on Linux, and if the user sets `allowUnencryptedStorage` to true in the `tokenCachePersistenceOptions`, it allows to fall back to an unprotected file if neither the Keychain nor the Keyring are available. |
18 | | - - As part of this beta, this feature is only supported in Node 10, 12 and 14. |
19 | | - - Receive an `authenticationRecord` from a previous authentication on their constructors, which skips the initial request altogether. |
20 | | - - Receive a `disableAutomaticAuthentication` setting on the constructor, which stops `getToken` from requesting the user to authenticate manually. |
21 | | - - An `authenticate()` method has been added besides the `getToken()` method. |
22 | | - - The `authenticate()` method returns an `AuthenticationRecord` which can be serialized into strings with their property `serialize()`. To later deserialize from string into an `AuthenticationRecord`, use the new function `deserializeAuthenticationRecord()`. |
23 | | - - If `disableAutomaticAuthentication` is set on the constructor of these credentials, developers can now control when to manually authenticate by calling to these credential's `authenticate()` method. |
24 | | -- `DeviceCodeCredential` now can receive its optional parameters as a single parameter object. |
25 | | -- Breaking change: `InteractiveBrowserCredential` now only has `loginStyle` and `flow` in the optional parameters when the credential is bundled for browsers. This reflects the intended behavior. |
26 | | -- Breaking change: Removed the `postLogoutRedirectUri` from the optional properties of the `InteractiveBrowserCredential`. |
| 3 | +## 2.0.0-beta.1 (2021-03-24) |
| 4 | + |
| 5 | +This update marks the preview for the first major version update of the `@azure/identity` package since the first stable version was released in October, 2019. This is mainly driven by the improvements we are making for the `InteractiveBrowserCredential` when used in browser applications by updating it to use the new `@azure/msal-browser` which is replacing the older `msal` package. |
| 6 | + |
| 7 | +### Breaking changes |
| 8 | + |
| 9 | +- Changes to `InteractiveBrowserCredential` |
| 10 | + - When used in browser applications, the `InteractiveBrowserCredential` has been updated to use the [Auth Code Flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-auth-code-flow) with [PKCE](https://tools.ietf.org/html/rfc7636) rather than [Implicit Grant Flow](https://docs.microsoft.com/azure/active-directory/develop/v2-oauth2-implicit-grant-flow) by default to better support browsers with enhanced security restrictions. Please note that this credential always used the Auth Code Flow when used in Node.js applications. Read more on this in our [docs on Interactive Browser Credential](https://github.com/Azure/azure-sdk-for-js/blob/master/sdk/identity/identity/interactive-browser-credential.md). |
| 11 | + - The default client ID used for `InteractiveBrowserCredential` was viable only in Node.js and not for the browser. Therefore, client Id is now a required parameter when constructing this credential in browser applications. |
| 12 | + - The `loginStyle` and `flow` options to the constructor for `InteractiveBrowserCredential` will now show up only when used in browser applications as these were never applicable to Node.js |
| 13 | + - Removed the `postLogoutRedirectUri` from the options to the constructor for `InteractiveBrowserCredential`. This option was not being used since we don't have a way for users to log out yet. |
| 14 | +- When a token is not available, some credentials had the promise returned by the `getToken` method resolve with `null`, others had the `getToken` method throw the `CredentialUnavailable` error. This behavior is now made consistent across all credentials to throw the `CredentialUnavailable` error. |
| 15 | + - This change has no bearing on the user if all they ever did was create the credentials and pass it to the Azure SDKs. |
| 16 | + - This change affects only those users who called the `getToken()` method directly and did not handle resulting errors. |
| 17 | +- The constructor for `DeviceCodeCredential` always had multiple optional parameters and no required ones. As per our guidelines, this has now been simplified to take a single optional bag of parameters. |
| 18 | + |
| 19 | +### New features |
| 20 | + |
| 21 | +- Changes to `InteractiveBrowserCredential`, `DeviceCodeCredential`, `ClientSecretCredential`, `ClientCertificateCredential` and `UsernamePasswordCredential`: |
| 22 | + - Migrated to use the latest MSAL. This update improves caching of tokens, significantly reducing the number of network requests. |
| 23 | + - Added the feature of persistence caching of credentials. This is driven by the new `tokenCachePersistenceOptions` option available in the options you pass to the credential constructors. |
| 24 | + - For now, to use this feature, users will need to install `@azure/msal-node-extensions` [1.0.0-alpha.6](https://www.npmjs.com/package/@azure/msal-node-extensions/v/1.0.0-alpha.6) on their own. This experience will be improved in the next update. |
| 25 | + - This feature uses DPAPI on Windows, it tries to use the Keychain on OSX and the Keyring on Linux. |
| 26 | + - To learn more on the usage, please refer to our docs on the `TokenCachePersistenceOptions` interface. |
| 27 | + - **IMPORTANT:** As part of this beta, this feature is only supported in Node 10, 12 and 14. |
| 28 | +- Changes to `InteractiveBrowserCredential`, `DeviceCodeCredential`, and `UsernamePasswordCredential`: |
| 29 | + - You can now control when the credential requests user input with the new `disableAutomaticAuthentication` option added to the options you pass to the credential constructors. |
| 30 | + - When enabled, this option stops the `getToken()` method from requesting user input in case the credential is unable to authenticate silently. |
| 31 | + - A new method `authenticate()` is added to these credentials which is similar to `getToken()`, but it does not read the `disableAutomaticAuthentication` option described above. |
| 32 | + - Use this to get an `AuthenticationRecord` which you can then use to create new credentials that will re-use the token information. |
| 33 | + - The `AuthenticationRecord` object has a `serialize()` method that allows an authenticated account to be stored as a string and re-used in another credential at any time. Use the new helper function `deserializeAuthenticationRecord` to de-serialize this string. |
| 34 | + - `authenticate()` might succeed and still return `undefined` if we're unable to pick just one account record from the cache. This might happen if the cache is being used by more than one credential, or if multiple users have authenticated using the same Client ID and Tenant ID. To ensure consistency on a program with many users, please keep track of the `AuthenticationRecord` and provide them in the constructors of the credentials on initialization. |
| 35 | + |
| 36 | +### Other changes |
| 37 | + |
| 38 | +- Updated the `@azure/msal-node` dependency to `^1.0.0`. |
| 39 | +- `DefaultAzureCredential`'s implementation for browsers is simplified to throw the `BrowserNotSupportedError` in its constructor. Previously, we relied on getting the same error from trying to instantiate the different credentials that `DefaultAzureCredential` supports in Node.js. |
| 40 | + - As before, please use only the `InteractiveBrowserCredential` in your browser applications. |
| 41 | +- For the `InteractiveBrowserCredential` for node, replaced the use of the `express` module with a native http server for Node, shrinking the resulting identity module considerably. |
| 42 | + |
| 43 | + |
27 | 44 |
|
28 | 45 | ## 1.2.4 (2021-03-08) |
29 | 46 |
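Review bot: The persistence-caching bullets (new lines 23-27) no longer mention `allowUnencryptedStorage`, which the removed text at old line 17 documented as the switch that lets the token cache fall back to an unprotected file when neither the Keychain nor the Keyring is available. If the option still exists in this beta, add a sub-bullet next to the DPAPI/Keychain/Keyring line saying that the fallback is opt-in and writes tokens to disk unencrypted; if it was removed, list that under "Breaking changes" so readers of the earlier draft are not left guessing. Smaller points: new line 11 writes "client Id" where the rest of the entry uses "client ID", new line 12 is missing its closing period, and new lines 42-43 add two extra blank lines before the `## 1.2.4` heading.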
|
|