Bump Microsoft.Identity.Web.DownstreamApi from 2.18.2 to 2.20.0 in /web-app-aspnet

[dependabot[bot]]

Bumps Microsoft.Identity.Web.DownstreamApi from 2.18.2 to 2.20.0.

Release notes

Sourced from Microsoft.Identity.Web.DownstreamApi's releases.

2.20.0

• Updated to Microsoft.Identity.Abstractions 6.0.0 which adds one method to IAuthorizationHeaderProvider

New features

• Implements the updated IAuthorizationHeaderProvider interface (the new method CreateAuthorizationHeaderForAppAsync). See issue #2907
• If an IMsalHttpClientFactory is added to the service collection, it's not used by IdWeb token acquisition. See issue #2911 This will be use to enable some IPv6 scenarios.

Bug fixes

• Fix metadata address creation when using AddMicrosoftIdentityWebApp. See issue #2752
• Use MSAL.NET instead of DefaultAzureCredential for Federation identity credentials scenario. See 2894

Fundamentals

• Updating Lab Api to 0.13.3

2.19.1

• Updated MSAL .Net to 4.61.3
• Updated Azure.Identity to 1.11.4

2.19.0

• Updated to Microsoft.IdentityModel.* 7.6.0

New features

• Id Web now provides a .WithUser() modifier to the Microsoft Graph queries (like WithAppOnly()). See issue #2855 for details.
• Id Web now provides a base class for implementing a custom IAuthorizationHeaderProvider. See issue #2856 for details.

Bug fixes

• Id Web now processes the extra query parameters when included as part of the authority. See issue #2697 for details.

Changelog

Sourced from Microsoft.Identity.Web.DownstreamApi's changelog.

2.20.0

• Updated to Microsoft.Identity.Abstractions 6.0.0 which adds one method to IAuthorizationHeaderProvider

New features

• Implements the updated IAuthorizationHeaderProvider interface (the new method CreateAuthorizationHeaderForAppAsync). See issue #2907
• If a IMsalHttpClientFactory is added to the service collection, it's not used by IdWeb token acquisition. See issue #2911 This will be use to enable some IPv6 scenarios.

Bug fixes

• Fix metadata address creation when using AddMicrosoftIdentityWebApp. See issue #2752
• Use MSAL.NET instead of DefaultAzureCredential for Federation identity credentials scenario. See 2894

Fundamentals

• Updating Lab Api to 0.13.3

2.19.1

• Updated MSAL .Net to 4.61.3
• Updated Azure.Identity to 1.11.4

2.19.0

• Updated to Microsoft.IdentityModel.* 7.6.0

New features

• Id Web now provides a .WithUser() modifier to the Microsoft Graph queries (like WithAppOnly()). See issue #2855 for details.
• Id Web now provides a base class for implementing a custom IAuthorizationHeaderProvider. See issue #2856 for details.

Bug fixes

• Id Web now processes the extra query parameters when included as part of the authority. See issue #2697 for details.

Commits

• fc0b280 Update changelog.md (#2915)
• dfc26f1 Fix for #2893 - do not attempt WorkloadIdentityCredential for MSI FIC (for Id...
• dd49d78 Fix 2912 (#2913)
• 7aff5f9 Fix metadata address creation when using AddMicrosoftIdentityWebApp (#2883) (...
• 05e6d74 get registered IMsalHttpClientFactory if it is exist (#2909)
• d242d0a Implements GetAuthorizationHeaderAsync to support 1P specific scenarios (#2896)
• e142ef9 Updating Lab Api to 0.13.3 for relV2 (#2889)
• 4ab36e2 Update Azure.Identity (#2886)
• 849f437 OneBranch (#2865)
• f0a7df8 2.19.0 changelog (#2863)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)