IdentityServer4 Versions Save

As part of this release we had 44 issues closed. Next big release - after ASP.NET Core 3.1

bugs

• #4290 Fix cnf format for MTLS
• #4268 AddOidcStateDataFormatterCache broken with new JSON serializer
• #4145 Error Response with invalid redirection URI on authorize endpoint
• #4129 Fix logger category name for BackChannelLogoutHttpClient
• #4095 Return invalid_grant when redirect_uri is invalid on token endpoint
• #4075 Error Response with invalid redirection URI
• #4037 Bug Fix #4036 - missing crv value when passing JsonWebKey to AddSigni…

enhancements

• #4390 enhancements to add logout notification service as first class service
• #4376 Features/grants enhancements
• #4361 Extend JWT token validation to accept space separated scopes
• #4360 Adapt JWT request validation to latest JAR spec
• #4357 Add iat to access tokens
• #4352 Emit jti by default
• #4343 Add option to set SameSite mode for internal cookies
• #4342 Add option to emit scopes as space separated string in JWT (as opposed to array)
• #4245 Strict redirect uri validator app auth with path
• #4237 Make aspid profile service more extensible
• #4235 end session changes: IsActive no longer called and no longer default to a single redirect uri
• #4234 Use non-case sensitive string for any ids
• #4227 switch to named HTTP clients from factory (instead of typed)
• #4226 Reduce usage of Newtonsoft.Json
• #4210 add sid and device description to grants table
• #4208 add support for handling multiple prompt values
• #4204 Add API to interaction service to return error to client
• #4203 Improve query on cors origins. #3395
• #4202 include sid (if present) in access tokens #3955
• #4153 private_key_jwt updates
• #4026 Added AddUserSession extension method
• #4024 Add JAR support
• #4019 Add client setting to require request object
• #3979 Added notification for device code removal
• #3969 Make cnf part of Token model
• #3962 MTLS Update
• #3892 V4: Multiple signing keys
• #3761 Add a client setting to require request objects
• #3732 Remove unused SaveChanges APIs in EF DbContext Interfaces
• #3692 Removed obsolete code
• #3413 IUserSession.CreateSessionIdAsync should return sid
• #3395 Improve query on cors origins.

breaking changes

• #4335 Remove public origin setting
• #4199 scope validation refactor
• #3939 Update PKCE and Consent default settings on Client
• #3888 Cleanup SignInAsync extension methods
• #3887 V4: Make client claims serialization friendly

As part of this release we had 42 issues closed. Next big release - after ASP.NET Core 3.1

bugs

• #4290 Fix cnf format for MTLS
• #4268 AddOidcStateDataFormatterCache broken with new JSON serializer
• #4145 Error Response with invalid redirection URI on authorize endpoint
• #4129 Fix logger category name for BackChannelLogoutHttpClient
• #4095 Return invalid_grant when redirect_uri is invalid on token endpoint
• #4075 Error Response with invalid redirection URI
• #4037 Bug Fix #4036 - missing crv value when passing JsonWebKey to AddSigni…

enhancements

• #4361 Extend JWT token validation to accept space separated scopes
• #4360 Adapt JWT request validation to latest JAR spec
• #4357 Add iat to access tokens
• #4352 Emit jti by default
• #4343 Add option to set SameSite mode for internal cookies
• #4342 Add option to emit scopes as space separated string in JWT (as opposed to array)
• #4245 Strict redirect uri validator app auth with path
• #4237 Make aspid profile service more extensible
• #4235 end session changes: IsActive no longer called and no longer default to a single redirect uri
• #4234 Use non-case sensitive string for any ids
• #4227 switch to named HTTP clients from factory (instead of typed)
• #4226 Reduce usage of Newtonsoft.Json
• #4210 add sid and device description to grants table
• #4208 add support for handling multiple prompt values
• #4204 Add API to interaction service to return error to client
• #4203 Improve query on cors origins. #3395
• #4202 include sid (if present) in access tokens #3955
• #4153 private_key_jwt updates
• #4026 Added AddUserSession extension method
• #4024 Add JAR support
• #4019 Add client setting to require request object
• #3979 Added notification for device code removal
• #3969 Make cnf part of Token model
• #3962 MTLS Update
• #3892 V4: Multiple signing keys
• #3761 Add a client setting to require request objects
• #3732 Remove unused SaveChanges APIs in EF DbContext Interfaces
• #3692 Removed obsolete code
• #3413 IUserSession.CreateSessionIdAsync should return sid
• #3395 Improve query on cors origins.

breaking changes

• #4335 Remove public origin setting
• #4199 scope validation refactor
• #3939 Update PKCE and Consent default settings on Client
• #3888 Cleanup SignInAsync extension methods
• #3887 V4: Make client claims serialization friendly

Bug

• #3981 Updated cache expiration to use current time

As part of this release we had 32 issues closed. Next big release - after ASP.NET Core 3.1

bugs

• #4145 Error Response with invalid redirection URI on authorize endpoint
• #4129 Fix logger category name for BackChannelLogoutHttpClient
• #4095 Return invalid_grant when redirect_uri is invalid on token endpoint
• #4075 Error Response with invalid redirection URI
• #4037 Bug Fix #4036 - missing crv value when passing JsonWebKey to AddSigni…

enhancements

• #4237 Make aspid profile service more extensible
• #4235 end session changes: IsActive no longer called and no longer default to a single redirect uri
• #4234 Use non-case sensitive string for any ids
• #4227 switch to named HTTP clients from factory (instead of typed)
• #4226 Reduce usage of Newtonsoft.Json
• #4210 add sid and device description to grants table
• #4208 add support for handling multiple prompt values
• #4204 Add API to interaction service to return error to client
• #4203 Improve query on cors origins. #3395
• #4202 include sid (if present) in access tokens #3955
• #4153 private_key_jwt updates
• #4026 Added AddUserSession extension method
• #4024 Add JAR support
• #4019 Add client setting to require request object
• #3979 Added notification for device code removal
• #3969 Make cnf part of Token model
• #3962 MTLS Update
• #3892 V4: Multiple signing keys
• #3761 Add a client setting to require request objects
• #3732 Remove unused SaveChanges APIs in EF DbContext Interfaces
• #3692 Removed obsolete code
• #3413 IUserSession.CreateSessionIdAsync should return sid
• #3395 Improve query on cors origins.

breaking changes

• #4199 scope validation refactor
• #3939 Update PKCE and Consent default settings on Client
• #3888 Cleanup SignInAsync extension methods
• #3887 V4: Make client claims serialization friendly

As part of this release we had 119 commits which resulted in 1 issue being closed.

bug

• #4100 Fix TypeLoadException with 3.1.x and Microsoft Template

As part of this release we had 3 issues closed.

bug

• #3935 Fix user code param name in DeviceController

enhancements

• #4056 Configurable JWK content type for 3.1.x
• #4043 Add crv parameter when key is loaded from a JsonWebKey

As part of this release we had 74 commits which resulted in 11 issues being closed.

bugs

• #3880 Custom URI schemes for Allowed CORS Origins failing in DefaultClientConfigurationValidator
• #3879 Append to any existing "Vary" response header when setting response header
• #3775 /resources claim still present in IdentityServerTools

enhancements

• #3895 use asynchronous EF methods
• #3893 Ignore invalid post_logout_redirect_uri
• #3891 Add option to prevent automatic lower-casing of Issuer url #3600
• #3885 Username with empty password - TokenRequestValidator
• #3881 Prevent current window from processing requests in check session JS
• #3823 Cache the CheckSessionResult Script string
• #3756 generate and return session_state for error authorization responses that are prompt=none

breaking change

• #3699 Make these extension methods internal

enhancements

• #3602 Microsoft.AspNetCore.Authentication.Abstractions nuget package deleted
• #3523 move logging before removal so the PromptMode is included in the logging

As part of this release we had 4 issues closed.

bugs

• #3704 Change HttpRequest/Response extension method namespace
• #3645 Honour EnableDeviceAuthorizationEndpoint in IsEndpointEnabled

enhancements

• #3760 Bring back /resources audience for legacy token validation scenarios
• #3727 EF Core 3.0 Performance Fix

Update to ASP.NET Core 3 RTM