Version 24.2.0

• [PATCH] Add support for Authenticator app activation links in WebView, enabling account pairing/MFA flows to launch Microsoft Authenticator directly instead of redirecting to the Play Store (#3090)
• [PATCH] Fix: WPJ's BrokerDiscovery cache crash due to shared predefined encryption key with MSAL (#3081)
• [PATCH] Fix ABBA deadlock between AzureActiveDirectory and AzureActiveDirectoryAuthority class monitors by extracting polymorphic getAuthorityURL() calls outside synchronized scopes and removing unnecessary synchronized from ConcurrentHashMap read-only methods (#3082)
• [PATCH] Optimize AcquireTokenSilent save path: replace keySet() decrypt-all with in-memory map lookup in removeAccount()/removeCredential(), add telemetry for deleteAccessTokensWithIntersectingScopes, and remove unused elapsed_time_save_account_shared_preferences attribute (#3074)
• [MINOR] Add DeviceRegistrationClientApplication as public API for OneAuth device registration with mandatory correlationId, DeviceState and DrsDiscoveryEndpoint enums (#3073)
• [MINOR] Move device registration protocol types, domain types, controller, and packer from broker to common to enable OneAuth device registration support (#3066)
• [MINOR] Upgrade compileSdkVersion to 36 and buildToolsVersion to 36.0.0 (#3065)
• [PATCH] Rename SovSG to GovSG for the Singapore sovereign cloud identifiers (#3068)
• [MINOR] Add CancellationSignal to gracefully cancel in-flight HTTP requests on ATS command-level timeout, preventing zombie worker threads from holding thread pool slots (#3055)

Version 24.1.1

• [PATCH] Fix ABBA deadlock between AzureActiveDirectory and AzureActiveDirectoryAuthority class monitors by extracting polymorphic getAuthorityURL() calls outside synchronized scopes and removing unnecessary synchronized from ConcurrentHashMap read-only methods (#3082)

Version 24.1.0

• [MINOR] Add sovereign cloud (Bleu/Delos/SovSG) instance discovery support with pre-seeded cloud metadata, cache-aware discovery routing, and ensureCloudDiscoveryForAuthority API (#3027)
• [PATCH] Fix bug in Authority.getKnownAuthorityResult where cloud discovery failure would skip knownAuthorities check and fix thread safety in Authority.isKnownAuthority and getEquivalentConfiguredAuthority with synchronized block (#3027)
• [MINOR] Add helper method in the PackageHelper class for BrokerDiscovery (#3044)
• [MINOR] Use tdbr claim to route telemetry traffic to EU region (#2679)
• [PATCH] Remove back button interception from SilentWebViewAuthorizationFragment (#3030)
• [MINOR] Add AIDL interface for device registration service.(#2926)
• [MINOR] Move debugIntuneCE and prodIntuneCE from BrokerData to AppRegistry as App instances (#3012)
• [MINOR] Remove LruCache from SharedPreferencesFileManager (#2910)
• [MINOR] Edge TB: Claims (#2925)
• [PATCH] Update Moshi to 1.15.2 to resolve okio CVE-2023-3635 vulnerability (#3005)
• [MINOR] Edge TB: PoP support (#3006)
• [MINOR] Handle target="_blank" links in authorization WebView (#3010)
• [MINOR] Handle openid-vc urls in webview (#3013)
• [MINOR] Add WebView file upload support (#3022)
• [MINOR] Enhance WebAuthn telemetry for passkey registration (#3018)
• [MINOR] Enabled opening of TLR URLs in browser by default by enabling the flight ENABLE_WEBVIEW_MULTIPLE_WINDOWS (#3042)

Version 24.0.1

• [PATCH] Allow apps to setShouldTrustDebugBrokers (#2932)

Version 24.0.0

• [MINOR] Add tracking for urls loaded by our webview (#2892)
• [MINOR] Rework OpenTelemetry spans for secret key generation and retrieval operations (#2869)
• [MAJOR] add isBrokerProcess to IPlatformUtil (#2882)
• [MINOR] Remove OpenTelemetry from keep rules (#2881)
• [MINOR] Adding ExtraQueryStringParametersForWebApps (#2891)
• [MINOR] Added flight-controlled option to enable Broker CommandDispatcher silent thread pool size based on processor count and default to 12 threads (#2897)
• [MINOR] Edge TB: Allow For Lookup Mode (#2898)

Version 23.3.0

• [MINOR] Introduce AppRegistry and refactor calling app validation (#2872)
• [MINOR] Add attributes that calculate elapsed_times using nanos (#2871)
• [MINOR] Cleanup code related to emitting ests telemetry (#2868)
• [MINOR] Skip account aggregation when responding to AcquireTokenSilent api call for OneAuth (#2863)
• [MINOR] Introduce locks at NameValueStorageFileManagerSimpleCacheImpl layer (#2842)
• [MINOR] Add flight-controlled option to expand Broker CommandDispatcher silent thread pool to 8 threads (default remains 5; MSAL clients unaffected) (#2865)
• [PATCH] Implement State-Based Timeout Classification for Silent Token Requests (#2870)
• [MINOR] Added Authentication Constants to be used for broker version and name (#2859)
• [PATCH] Adding WebAppsNonce to JWT request body (#2867)
• [MINOR] Fixed CommandDispatcherTest to avoid race condition (#2875)

Version 23.2.0

• [MINOR] Add additional allowed origins for PasskeyWebListener (#2839)
• [PATCH] Add JavascriptInterface rules to consumer proguard rules (#2837)
• [MINOR] Add optimized saveAndLoadAggregatedAccountData method in BrokerOAuth2TokenCache (#2832)
• [MINOR] Remove MavenCentral repository from build.gradle files (#2830)
• [MINOR] Determine whether broker app opts out from battery optimization (#2819)
• [MINOR] Cache Active Broker In Memory (BrokerDiscoveryClient) (#2817)
• [MINOR] Enable Broker Discovery by default in MSAL/Broker API (#2818)
• [MINOR] Fix for SDL violation in device pop scenarios, Fixes AB#3284510 (#2744)
• [MINOR] Adds Authentication Constants to be used for broker latency timestamp in response (#2831)
• [MINOR] Updating broker protocol version; updating parameter attributes (extraTokenBodyParameters and webAppsNonce) (#2848)
• [MINOR] Implemented Common logic to retrieve broker latency duration from result Broker Bundle (#2835)
• [MINOR] Add support for WebApps getToken API (#2803)
• [MINOR] Added telemetry to capture the DRSNonce call (#3302)

Version 23.1.1

• [PATCH] Share SharedPreferencesInMemoryCache across instances of BrokerOAuth2TokenCache (#2813)
• [PATCH] Use SharedPreferencesInMemoryCache implementation in Broker (#2802)

Version 23.1.0

• [MINOR] Add OpenTelemetry support for passkey operations (#2795)
• [MINOR] Add passkey registration support for WebView (#2769)
• [MINOR] Add callback for OneAuth for measuring Broker Discovery Client Perf (#2796)
• [MINOR] Add new span name for DELEGATION_CERT_INSTALL's telemetry (#2790)
• [MINOR] Refactor getAccountByLocalAccountId (#2781)
• [MINOR] Add OTel Benchmarker (#2786)
• [MINOR] WebApps AccountId Registry (#2787)
• [MINOR] Take flight value for whether to show webcp flow in weview or not in brokerless scenarios. (#2784)
• [MINOR] getAllSsoTokens method for Edge (#2774)
• [MINOR] WebApps AccountId Registry (#2787)
• [MINOR] Expose WebApps APIs (#2793)
• [MINOR] Add domainHint support to authorization request (#2792)
• [PATCH] Fix auth method blocked error handling (#2804)

Version 23.0.2

• [MAJOR] Add KeyStoreBackedSecretKeyProvider (#2674)
• [MINOR] Add Open Id configuration issuer validation reporting in OpenIdProviderConfigurationClient (#2751)
• [MINOR] Add helper method to record elapsed time (#2768)
• [MINOR] Implement TenantUtil (#2761)
• [MAJOR] Update proguard rules in common (#2756)
• [MINOR] Add query parameter for Android Release OS Version (#2754)
• [MINOR] Add client scenario to JwtRequestBody (#2755)
• [MINOR] Awaiting MFA Delegate now automatically returns the AuthMethods to be used when calling MFA Challenge (#2764)
• [MINOR] SDK now handles SMS as strong authentication method #2766
• [MINOR] Added error handling when webcp redirects have browser protocol #2767
• [PATCH] Fix for app link redirect from CCT due to forced browser preference (#2775)