This repository has been archived by the owner on Jul 31, 2024. It is now read-only.

Releases: IdentityServer/IdentityServer4

4.1.2

07 Jul 12:42
997a6cd

minor bug fixes

4.1.1

07 Oct 14:04

As part of this release we had 6 issues closed.

bugs

  • #4951 Add null check before setting consumedTime
  • #4948 DefaultClaimsService.GetIdentityTokenClaimsAsync uses wrong Resource parameter for ProfileData
  • #4929 Typo in DefaultClaimsService.cs

enhancements

  • #4942 Obfuscate refresh token and authorization code in logs
  • #4935 Update to Message to enable deserialization in .NET 5.0-rc1
  • #4711 Allow setting SameSite mode of the SessionId cookie

4.1.0

14 Sep 17:54

As part of this release we had 13 issues closed.

bugs

  • #4854 only re-issue session cookie when client added #4812
  • #4852 add defensive check to fix bug for when session is expired #4844
  • #4851 fix serialization bug on LogoutRequest.Parameters #4655
  • #4850 ensure consumed time is utc
  • #4849 fix bug for consent is saved regardless of RememberConsent
  • #4833 Consent is saved regardless of RememberConsent checkbox value
  • #4812 Sliding Cookies not working for implicit flow in IdentityServer4 v4.x
  • #4712 fix multiple WWW-Authenticate header to one

enhancements

  • #4870 Update JAR mime type
  • #4868 Make identity server work with publish single file in .NET 5.0
  • #4853 add more defensive check on check session endpoint #4051
  • #4794 Add missing awaits on CachingClientStore and CachingResourceStore
  • #4744 Introduce LoggingOptions.AuthorizeRequestSensitiveValuesFilter

4.0.4

24 Jul 07:21

As part of this release we had 2 issues closed.

bug

  • #4677 make AutoMapper v10 the min version

enhancement

  • #4649 Fix 401 malformed WWW-Authenticate

4.0.3

21 Jul 15:29
e0e8dcf

As part of this release we had 4 issues closed.

bugs

  • #4670 defer calls to perform signout work to avoid re-entry recursion issue with AspId
  • #4641 Fix exception message when no matching signing algorithm can be found

enhancements

  • #4611 Allow AutoMapper 10
  • #4575 Reduce log level for expired secrets

3.1.4

05 Jul 14:24
94a3115

As part of this release we had 2 issues closed.

bug

  • #4240 Fix UserLoginFailureEvent raised with interactive=true in resource owner grant flow

enhancement

  • #4618 validate filter values on db results

4.0.2

03 Jul 16:14

As part of this release we had 2 issues closed.

bug

  • #4615 Fix custom redirect after ProcessLogin for custom authorize response generators

enhancement

  • #4616 validate filter values on db results

4.0.1

29 Jun 13:46

As part of this release we had 1 issue closed.

bug

  • #4577 fix exception with prompt=login

4.0

19 Jun 07:21

As part of this release we had 58 issues closed.
Next big release - after ASP.NET Core 3.1

bugs

  • #4498 fix infinite loop in Token Cleanup after concurrency exception
  • #4496 AuthorizeInteractionResponseGenerator : MaxAge does not respect prompt=none
  • #4368 How to add a custom implementation (e.g. WsFederation) of IReturnUrlParser if everything is internal set in AuthorizationRequest class in next v4.x ?
  • #4295 DefaultClientConfigurationValidator bug
  • #4290 Fix cnf format for MTLS
  • #4268 AddOidcStateDataFormatterCache broken with new JSON serializer
  • #4173 Duplicate UserLoginSuccess/Failure events when using resource owner grant and IdentityServer4.AspNetIdentity
  • #4145 Error Response with invalid redirection URI on authorize endpoint
  • #4129 Fix logger category name for BackChannelLogoutHttpClient
  • #4095 Return invalid_grant when redirect_uri is invalid on token endpoint
  • #4075 Error Response with invalid redirection URI
  • #4037 Bug Fix #4036 - missing crv value when passing JsonWebKey to AddSigni…

enhancements

  • #4504 Update error handling for invalid response modes
  • #4502 Update form content check to reject multipart forms
  • #4501 Update authorization code validation to do client binding check before deleting the code in the store
  • #4499 Allow setting domain on SessionIdCookie #4406
  • #4444 Make sensitive data filters configurable
  • #4439 namespace cleanup/refactor in host (to support templates)
  • #4428 add consumedtime to persisted grant and refresh token
  • #4427 Features/bootstrap update
  • #4409 Add strict JAR mode
  • #4390 enhancements to add logout notification service as first class service
  • #4376 Features/grants enhancements
  • #4361 Extend JWT token validation to accept space separated scopes
  • #4360 Adapt JWT request validation to latest JAR spec
  • #4357 Add iat to access tokens
  • #4352 Emit jti by default
  • #4343 Add option to set SameSite mode for internal cookies
  • #4342 Add option to emit scopes as space separated string in JWT (as opposed to array)
  • #4245 Strict redirect uri validator app auth with path
  • #4237 Make aspid profile service more extensible
  • #4235 end session changes: IsActive no longer called and no longer default to a single redirect uri
  • #4234 Use non-case sensitive string for any ids
  • #4227 switch to named HTTP clients from factory (instead of typed)
  • #4226 Reduce usage of Newtonsoft.Json
  • #4210 add sid and device description to grants table
  • #4208 add support for handling multiple prompt values
  • #4204 Add API to interaction service to return error to client
  • #4203 Improve query on cors origins. #3395
  • #4202 include sid (if present) in access tokens #3955
  • #4153 private_key_jwt updates
  • #4026 Added AddUserSession extension method
  • #4024 Add JAR support
  • #4019 Add client setting to require request object
  • #3979 Added notification for device code removal
  • #3969 Make cnf part of Token model
  • #3962 MTLS Update
  • #3892 V4: Multiple signing keys
  • #3761 Add a client setting to require request objects
  • #3732 Remove unused SaveChanges APIs in EF DbContext Interfaces
  • #3692 Removed obsolete code
  • #3413 IUserSession.CreateSessionIdAsync should return sid
  • #3395 Improve query on cors origins.

breaking changes

  • #4335 Remove public origin setting
  • #4199 scope validation refactor
  • #3939 Update PKCE and Consent default settings on Client
  • #3888 Cleanup SignInAsync extension methods
  • #3887 V4: Make client claims serialization friendly

4.0 Preview 6

12 Jun 13:19
63217ae
Pre-release

As part of this release we had 58 issues closed.
Next big release - after ASP.NET Core 3.1

bugs

  • #4498 fix infinite loop in Token Cleanup after concurrency exception
  • #4496 AuthorizeInteractionResponseGenerator : MaxAge does not respect prompt=none
  • #4368 How to add a custom implementation (e.g. WsFederation) of IReturnUrlParser if everything is internal set in AuthorizationRequest class in next v4.x ?
  • #4295 DefaultClientConfigurationValidator bug
  • #4290 Fix cnf format for MTLS
  • #4268 AddOidcStateDataFormatterCache broken with new JSON serializer
  • #4173 Duplicate UserLoginSuccess/Failure events when using resource owner grant and IdentityServer4.AspNetIdentity
  • #4145 Error Response with invalid redirection URI on authorize endpoint
  • #4129 Fix logger category name for BackChannelLogoutHttpClient
  • #4095 Return invalid_grant when redirect_uri is invalid on token endpoint
  • #4075 Error Response with invalid redirection URI
  • #4037 Bug Fix #4036 - missing crv value when passing JsonWebKey to AddSigni…

enhancements

  • #4504 Update error handling for invalid response modes
  • #4502 Update form content check to reject multipart forms
  • #4501 Update authorization code validation to do client binding check before deleting the code in the store
  • #4499 Allow setting domain on SessionIdCookie #4406
  • #4444 Make sensitive data filters configurable
  • #4439 namespace cleanup/refactor in host (to support templates)
  • #4428 add consumedtime to persisted grant and refresh token
  • #4427 Features/bootstrap update
  • #4409 Add strict JAR mode
  • #4390 enhancements to add logout notification service as first class service
  • #4376 Features/grants enhancements
  • #4361 Extend JWT token validation to accept space separated scopes
  • #4360 Adapt JWT request validation to latest JAR spec
  • #4357 Add iat to access tokens
  • #4352 Emit jti by default
  • #4343 Add option to set SameSite mode for internal cookies
  • #4342 Add option to emit scopes as space separated string in JWT (as opposed to array)
  • #4245 Strict redirect uri validator app auth with path
  • #4237 Make aspid profile service more extensible
  • #4235 end session changes: IsActive no longer called and no longer default to a single redirect uri
  • #4234 Use non-case sensitive string for any ids
  • #4227 switch to named HTTP clients from factory (instead of typed)
  • #4226 Reduce usage of Newtonsoft.Json
  • #4210 add sid and device description to grants table
  • #4208 add support for handling multiple prompt values
  • #4204 Add API to interaction service to return error to client
  • #4203 Improve query on cors origins. #3395
  • #4202 include sid (if present) in access tokens #3955
  • #4153 private_key_jwt updates
  • #4026 Added AddUserSession extension method
  • #4024 Add JAR support
  • #4019 Add client setting to require request object
  • #3979 Added notification for device code removal
  • #3969 Make cnf part of Token model
  • #3962 MTLS Update
  • #3892 V4: Multiple signing keys
  • #3761 Add a client setting to require request objects
  • #3732 Remove unused SaveChanges APIs in EF DbContext Interfaces
  • #3692 Removed obsolete code
  • #3413 IUserSession.CreateSessionIdAsync should return sid
  • #3395 Improve query on cors origins.

breaking changes

  • #4335 Remove public origin setting
  • #4199 scope validation refactor
  • #3939 Update PKCE and Consent default settings on Client
  • #3888 Cleanup SignInAsync extension methods
  • #3887 V4: Make client claims serialization friendly