AspNet.Security.OpenIdConnect.Server Versions Save

Most important changes:

• Calling context.HandleResponse() from the SerializeAuthorizationCode, SerializeAccessToken, SerializeIdentityToken and SerializeRefreshToken events no longer throws an exception if the authentication ticket is not explicitly set (c734c6f).
• An invalid exception message mentioning OpenIddict was reworded (cd83912).
• The authorization code/access token/identity token/refresh token deserialization methods are no longer called twice for introspection and revocation requests that specify a token_type_hint that doesn't match the actual token type (c561a34).
• A standard-compliant Expires HTTP header is now returned by the non-interactive ASOS endpoints (5af1d44).
• New constants have been added to OpenIdConnectConstants (0980fb8) (461ecd4).
• New events allowing to control the sign-in, sign-out and challenge operations have been introduced (d95810b) (3801427).

Most important changes:

• The MatchEndpointContext.Options property that had been accidentally removed in 1.0.0 has been reintroduced in 1.0.1 (f17d9a4).
• An exception is now automatically thrown at startup when registering a signing certificate that is no longer or not yet valid (583be00).
• Internal code relying on JwtSecurityTokenHandler.CreateToken()/WriteToken() has been updated to use JwtSecurityTokenHandler.CreateEncodedJwt() to ensure JWT tokens are not signed twice (a499f11).