Update dependency Microsoft.Identity.Client to 4.82.1

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
Microsoft.Identity.Client (source)	4.72.1 → 4.82.1

---

Release Notes

AzureAD/microsoft-authentication-library-for-dotnet (Microsoft.Identity.Client)

v4.82.1

Compare Source

======

Bug Fixes

• Remove experimental flag requirement from IAuthenticationOperation #​5699
• Add security warning to ICustomWebUi documentation #​5704

Changes

• Adds support for implicit mTLS (Mutual TLS) transport for client assertion delegates #​5670

v4.82.0

Compare Source

======

Highlights

This release expands extensibility for confidential-client authentication (certificates + client assertions), adds additional sovereign cloud environments, and hardens security-sensitive flows (mTLS PoP and system browser auth) with clearer validation and safer defaults.

Features

• Certificate-based confidential client extensibility: Introduced CertificateOptions and updated WithCertificate extensibility APIs to accept it, including support for passing sendX5C configuration through the options model. (#​5655)
• Sovereign cloud support: Added instance discovery / authority validation support for Bleu (France), Delos (Germany), and GovSG (Singapore) cloud environments. (#​5671)
• Client assertion customization: Added WithExtraClientAssertionClaims on AcquireTokenForClientParameterBuilder to enable supplying additional signed claims in client assertions (intended for advanced scenarios and higher-level libraries). (#​5650)
• mTLS PoP guardrails: Added validation and explicit error handling when mTLS PoP is requested for unsupported environments and/or non-login.* hosts. (#​5684)
• System browser hardening: Added response_mode=form_post support for the default system browser (loopback) flow. MSAL will enforce form_post and process the authorization response from POST data. (#​5678)

Changes

• Key Attestation packaging rename: Microsoft.Identity.Client.MtlsPop renamed to Microsoft.Identity.Client.KeyAttestation (assembly/package naming update). (#​5653)

v4.81.0

Compare Source

======

Bug Fixes

• Updated the ConfidentialClientApplication's ROPC API to add WithSendX5C() during authentication requests.#​5637

v4.80.0

Compare Source

======

Features

• Added extensibility APIs—WithCertificate, OnMsalServiceFailure, and OnCompletion—to enable callback handling for certificate injection, retry on MSAL service failure events, and completion notifications #​5573
• Extend IAuthenticationOperation interface with Async methods in IAuthenticationOperation2 #​5376
• Enable IAuthenticationOperation2 to reject MSAL cached tokens and fetch new ones from ESTS #​5567

Changes

• IMDS Source Detection Logic Improvement #​5602
• Update DesktopOsHelper.IsMac to work properly on .NET 10 + macOS 26 #​5541

Bug Fixes

• Fix KeyNotFoundException during retry when headers lack correlation ID #​5617
• Implement Service Exception for IMDS Probe #​5615

v4.79.2

What's Changed

• Bump winsdk dependency by @​bgavrilMS in #​5575
• ImdsV2 probe does not fire when .WithMtlsProofOfPossesstion is not used by @​Robbie-Microsoft in #​5579
• Downgrade System.Formats.Asn1 to match ID web by @​Avery-Dunn in #​5583

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.79.0...4.79.2

v4.79.1

======

Dependency Update

This hotfix release addresses compatibility between MSAL.NET and Microsoft.Identity.Web by downgrading the System.Formats.Asn1 dependency from version 9.0.8 to 8.0.1.

What Changed

• System.Formats.Asn1 downgraded to v8.0.1 (#​5583)
  • Ensures compatibility with Microsoft.Identity.Web and other dependencies

Why This Release

MSAL.NET 4.79.0 introduced a dependency on System.Formats.Asn1 9.0.8, which created version conflicts with Microsoft.Identity.Web and other packages that require System.Formats.Asn1 8.0.1. This hotfix resolves those conflicts to maintain ecosystem compatibility.

v4.79.0

Compare Source

======

Changes

• Managed Identity IMDSv2 and new support APIs (ResetForTest, GetSourceAsync) in #​5501
• Bearer Requests should Fallback to IMDS in Preview in #​5562
• Updating MSAL to send client info = 2 on client credential flow in #​5529
• Make IMsalMtlsHttpClientFactory interface public in #​5559* Adjust WithExtraQueryParameters APIs and cache key behavior #​5536

Bug fixes

• Fix instance discovery bug in Fr cloud #​5549
• Mark WithClientAssertion API as experimental #​5551

v4.78.0

Compare Source

======

Changes

• Update SDK version from 8.0.404 to 8.0.415. #​5543
• Hide / deprecate some obscure APIs. #​5484

Bug Fixes

• Support Android edge-to-edge. #​5499
• Android broker does not support ADFS authority. #​5522

v4.77.1

Compare Source

======

• Adjusted issuer validation to accept differing paths #​5466
• Added better error message for OIDC error #​5433
• Reverted changes made for Http2 #​5462

v4.77.0

Compare Source

======

Features

• Added WinUI 3 support for Desktop Broker flows. #​5411
• Introduced extensibility API to allow users to add custom HTTP headers to token acquisition requests (under extensibility). #​5440

Changes

• Remove passing x-client-os as a query parameter in the authorization URI. #​5456
• Bump Microsoft.IdentityModel.Abstractions to a supported version. #​5452

Bug fixes

• Remove confusing error text as it only applies to one of many possible causes. #​5467

v4.76.0

Compare Source

======

New Features

• Removal of ExperimentalFeatures flag on WithMtlsProofOfPossession API
• Add Service Fabric token revocation support
• Adding WithExtraBodyParameters api
• Enable mTLS Proof‑of‑Possession for Client‑Assertion Delegates

Bug Fixes

• #​5400 Fixing issue that leads to multiple active access tokens in the cache for non-tenanted oidc authority
• Update NativeInterop package version to 0.19.4

v4.75.0

Compare Source

v4.74.1

Compare Source

======

Bug fixes

• When you configure MSAL with WithOidcAuthority(), the library now confirms that the issuer returned by the OIDC discovery endpoint matches the expected authority (including CIAM patterns) and throws an exception if it does not. #​5358

• Re-expose public AuthenticationResult constructor. A public, test-friendly constructor of AuthenticationResult was inadvertently hidden behind [Obsolete] and [EditorBrowsable(Never)]. The constructor is now publicly available again. #​5392

v4.74.0

Compare Source

======

Features

• Deprecate ROPC flow in Public Client Applications #​5355.
• AuthenticationResult exposes a new BindingCertificate property that returns the X.509 certificate bound to the access token in mTLS-PoP scenarios. #​5370.

Bug fixes

• MSAL now honors the DEFAULT_IDENTITY_CLIENT_ID environment variable when acquiring tokens from Azure Machine Learning managed-identity endpoint. #​5350.

v4.73.1

Compare Source

======

Features

• Deprecate AcquireTokenByIntegratedWindowsAuth API in #​5345

Bug fixes

• Update native interop to 0.19.2 by @​fengga in #​5362 to solve broker bugs
• update the deprecated openURL(:) api to openURL(:options:completionHandler) in #​5354

v4.73.0

Compare Source

=======

Features

• Add mac broker console app support in #​5274
• Use HTTP 2 on .NET where possible in #​5314
• Expose access token cache count in #​5330
• Add an extensibility API - WithFmiPathForClientAssertion in #​5347

Bug Fixes

• Hide ListOperatingSystemAccounts in intellisense in #​5304
• Reworked retry policy functionality & Created IMDS retry policy in #​5231

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.