Skip to content

CHANGELOG.md

Latest commit

 

History

History
254 lines (203 loc) · 12.5 KB

CHANGELOG.md

File metadata and controls

254 lines (203 loc) · 12.5 KB

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

Unreleased

0.9.5 - 2026-02-24

Added

  • Compatible with remote development VMs (like GitHub Codespaces) by using the $BROWSER environment variable for launching OAuth login
  • Added support for multi-tenant client configs and non-tenant-GUID athorizations servers for MCP authentication

Removed

  • Removed unconditional SYSTEM_ACCESSTOKEN (PCBS token) pass-through from the ado token command (now restricted to ADO pipeline environments only)

0.9.4 - 2026-02-12

Added

  • Added support for windows arm64

0.9.3 - 2026-02-12

Added

  • Added support for linux x64 and arm64, plain text fallback for headless linux

0.9.2 - 2025-05-06

Added

  • Added support for reading auth mode from the environment variable AZUREAUTH_MODE.

0.9.1 - 2024-12-09

Changed

  • Removed CachedAuth mode if Broker is already present in auth modes on windows 10 or 11 since Broker already tries CachedAuth in a compliant way.

0.9.0 - 2024-11-07

Removed

  • Removed IWA from default authentication mode.

Changed

  • Temporarily paused the publishing of Linux binaries.
  • Upgrade MSAL from 4.59.1 to 4.65.0.
  • Upgrade Lasso from 2024.8.24.1 to 2024.10.23.1.
  • Upgrade from .NET 6 to .NET 8.
  • Disable trimmed version when publishing AzureAuth.

0.8.6 - 2024-04-25

Changed

  • Upgrade MSAL from 4.55.0 to 4.59.1.

Added

  • Added the word Warning before logging IWA failures so users worry less about IWA issues.

0.8.5 - 2024-03-06

Added

  • Added --allow-custom-scopes flag to skip validation and allow custom Azure DevOps PAT scopes.
  • Added new sub-command azureauth ado pat scopes to list the set of actual scopes the pat command validates against and print the short-link to the pat scopes docs.

0.8.4 - 2023-09-05

Changed

  • Upgrade Lasso to 2023.8.24.1.
  • Upgrade MSAL to 4.55.0.

0.8.3 - 2023-08-24

Added

  • Added support for distributing debian packages.
  • The azureauth ado pat subcommand now supports additional Azure DevOps scopes.

Fixed

  • AzureAuth now can handle SIGINT(Ctrl+C) correctly and return 2.

Changed

  • Optimize the warning message from IWA auth flow when VPN is not connected, and downgrade it to debug level.

0.8.2 - 2023-07-06

Added

  • The azureauth ado subcommands now support a --tenant flag.

Changed

  • The azureauth ado pat subcommand now validates --scope before creating a PAT.

0.8.1 - 2023-05-23

Changed

  • The azureauth ado token command uses microsoft.com as the default --domain option value.
  • MSAL Cache usage is now isolated to it's own "auth flow" always injected as the first type of auth to attempt, regardless of mode. This creates a separate telemetry event for pca_cache as a new authflow type, which is always silent. The remaining auth flows no longer attempt to use the cache first.
  • Upgraded Lasso to 2023.5.11.1 to reduce the number of log files in temp folder.

Fixed

  • In several auth flows, it was possible that errors in using the cache could result in never attempting to do interactive auth when the tool should have.

0.8.0 - 2023-04-07

Added

  • New ado sub-commands
    • azureauth ado : Prints the help for Azure Devops commands.
    • azureauth ado pat : Command for creating, and locally caching Azure Devops PATs.
    • azureauth ado token : Command for passing back a PAT from an env var, or authenticating and returning an AAD access token.

Removed

  • The root command azureauth no longer acquires AAD tokens. It prints the global help text. Use azureauth aad instead.

0.7.4 - 2023-04-05

Added

  • When the environment variable AZUREAUTH_APPLICATION_INSIGHTS_INGESTION_TOKEN is not configured, regkey HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AzureAuth\ApplicationInsightsIngestionToken will be a back up on Windows for telemetry ingestion token config.

0.7.3 - 2023-03-14

Fixed

  • Fix unusable issues on Unix platforms due to mutexes.

0.7.2 - 2023-03-08

Fixed

  • Upgrade to a new version of Lasso which patches a concurrency bug.

0.7.1 - 2023-03-03

Fixed

  • Upgrade to a new version of Lasso which patches a concurrency bug.

0.7.0 - 2023-02-22

Added

  • New telemetry fields for:
    • environment variables identifying Azure Pipelines and Cloud Build environments.
    • on-premises security identifier as sid. This is only collected on successful authentication attempts.
  • New aad command. This command is the long-term home for what is currently the top-level azureauth command. The functionality is duplicated in both commands for backwards compatibility but will be removed from the top-level command in a future release.
  • New info commands
    • azureauth info : reports AzureAuth version and a new local randomly generated and cached telemetry device ID.
    • azureauth info reset-device-id : regenerates the cached telemetry device id.

Changed

  • Migrate from single command CLI to sub-command structure.
    • Existing azureauth command is now replicated as azureauth aad.
  • Upgrade MSAL to 4.47.2 and opt-into native WAM mode.
  • Improve error telemetry collection by collecting JSON serialized version of MSAL errors. This now includes inner exceptions from MSAL which previously were missed.

Fixed

  • Replace setx usage with WM_SETTINGCHANGE in the Windows install script to prevent truncating $PATH.
  • Skip validating cache file logic on Mac, which could cause an unhandled exception when certain Special Folders don't exist for the current user.
  • Updated Lasso, fixing an issue where callers shelling out to AzureAuth were blocked on the asynchronous telemetry child processes.

Removed

  • Removed the --cache option from what is now azureauth aad, because cache file sharing is not the recommended way to achieve SSO.

0.6.0 - 2022-10-26

Fixed

  • Use system web browser as the UI for web mode auth on Windows to prevent conditional access based over-prompting.
  • Catch FileNotFoundException if an invalid configuration file is specified via the AZUREAUTH_CONFIG environment variable.

Changed

  • Upgrade the Windows build to use net6 now that net5 has reached end of life.
  • Set console output encoding to utf-8 explicitly.

0.5.4 - 2022-09-29

Fixed

  • Enable IWA auth mode when interactive authentication is disabled.

0.5.3 - 2022-09-28

Fixed

  • Increase IWA Timeout to 15 second and log WS-Trust endpoint error

0.5.2 - 2022-09-28

Fixed

  • Option --resource is not needed if option --scope is provided.
  • Refactoring IWA AuthFlow to call GetTokenIWA when we have a MsalUiRequiredException

0.5.1 - 2022-09-08

Fixed

  • Fixed a bug where we early exited before sending individual events telemetry data containing valuable error_messages.

0.5.0 - 2022-09-06

Added

  • Added functionality to disable Public Client Authentication using an environment variable AZUREAUTH_NO_USER.

  • Added --timeout functionality to provide reliable contract of allowed runtime (default: 15 minutes) and warnings as the timeout approaches.

  • Fixed a bug where broker auth prompt is hanging in the background and gives a false impression to the user that the console app is hung.

  • Fixed a bug where sometimes, when logged in with only a password (not a strong form of authentication) the broker flow could hang indefinitely, preventing fall back to another auth flow.

0.4.0 - 2022-06-23

Added

  • Environment variable AZUREAUTH_CACHE and option --cache to support a custom cache location on Windows.
  • Added Integrated Windows Authentication (IWA) functionality as the new default auth flow on Windows.
  • Send custom telemetry events for each AuthFlow.
  • The installation scripts will refuse to update the user's $PATH or shell profiles when given the -NoUpdatePath flag (on Windows) or if the $AZUREAUTH_NO_UPDATE_PATH environment variable is set (on Unix platforms).

Changed

  • The installation scripts no longer create a latest symlink/junction.

0.3.1 - 2022-06-07

Fixed

  • Fixed a bug where the tenant and resource ids were swapped in the telemetry events.

Changed

  • The version schema no longer has a v prefix (e.g. v0.3.1 is now expressed as 0.3.1).

v0.3.0 - 2022-05-03

Fixed

  • Fixed a bug to support running on Windows Server 2012 & 2016 by default (default auth mode for Windows is now broker + web).
  • Fixed a bug where device code flow authentication would not use the file cache to first attempt to get a cached token silently, causing it to always prompt.
  • Fixed a bug where the Windows installation script could encounter errors renaming the extracted directory.

Changed

  • Telemetry: If enabled, collect the app registration ids being used and whether args were valid.
  • The default for --mode on Windows is now broker + web (formerly just broker).
  • The installation scripts now extract to directories named after the release artifact from GitHub.
  • The latest directory is now a directory junction on Windows.
  • The Option --prompt-hint will have a prefix AzureAuth.

Removed

  • Removed sample projects that used the old TokenFetcherPublicClient api from the MSALWrapper project.

v0.2.0 - 2022-04-21

Security

  • Fix a bug that caused tokens to be written to log files.

Added

  • Option --prompt-hint to support custom text to prompt caller in web and WAM mode.

Changed

  • Rename the --auth-mode flag to --mode.
  • Update to MSAL 4.43.1.

Removed

  • The -t, -c, -d, -m, and -o short flags.

v0.1.0 - 2022-03-30

Added

  • Initial project release.