Skip to content
This repository has been archived by the owner on Jul 31, 2024. It is now read-only.

Releases: IdentityServer/IdentityServer4

4.0 Preview 5

18 May 12:58
919c2a2
Compare
Choose a tag to compare
4.0 Preview 5 Pre-release
Pre-release

As part of this release we had 44 issues closed.
Next big release - after ASP.NET Core 3.1

bugs

  • #4290 Fix cnf format for MTLS
  • #4268 AddOidcStateDataFormatterCache broken with new JSON serializer
  • #4145 Error Response with invalid redirection URI on authorize endpoint
  • #4129 Fix logger category name for BackChannelLogoutHttpClient
  • #4095 Return invalid_grant when redirect_uri is invalid on token endpoint
  • #4075 Error Response with invalid redirection URI
  • #4037 Bug Fix #4036 - missing crv value when passing JsonWebKey to AddSigni…

enhancements

  • #4390 enhancements to add logout notification service as first class service
  • #4376 Features/grants enhancements
  • #4361 Extend JWT token validation to accept space separated scopes
  • #4360 Adapt JWT request validation to latest JAR spec
  • #4357 Add iat to access tokens
  • #4352 Emit jti by default
  • #4343 Add option to set SameSite mode for internal cookies
  • #4342 Add option to emit scopes as space separated string in JWT (as opposed to array)
  • #4245 Strict redirect uri validator app auth with path
  • #4237 Make aspid profile service more extensible
  • #4235 end session changes: IsActive no longer called and no longer default to a single redirect uri
  • #4234 Use non-case sensitive string for any ids
  • #4227 switch to named HTTP clients from factory (instead of typed)
  • #4226 Reduce usage of Newtonsoft.Json
  • #4210 add sid and device description to grants table
  • #4208 add support for handling multiple prompt values
  • #4204 Add API to interaction service to return error to client
  • #4203 Improve query on cors origins. #3395
  • #4202 include sid (if present) in access tokens #3955
  • #4153 private_key_jwt updates
  • #4026 Added AddUserSession extension method
  • #4024 Add JAR support
  • #4019 Add client setting to require request object
  • #3979 Added notification for device code removal
  • #3969 Make cnf part of Token model
  • #3962 MTLS Update
  • #3892 V4: Multiple signing keys
  • #3761 Add a client setting to require request objects
  • #3732 Remove unused SaveChanges APIs in EF DbContext Interfaces
  • #3692 Removed obsolete code
  • #3413 IUserSession.CreateSessionIdAsync should return sid
  • #3395 Improve query on cors origins.

breaking changes

  • #4335 Remove public origin setting
  • #4199 scope validation refactor
  • #3939 Update PKCE and Consent default settings on Client
  • #3888 Cleanup SignInAsync extension methods
  • #3887 V4: Make client claims serialization friendly

4.0 Preview 4

07 May 15:42
d82898e
Compare
Choose a tag to compare
4.0 Preview 4 Pre-release
Pre-release

As part of this release we had 42 issues closed.
Next big release - after ASP.NET Core 3.1

bugs

  • #4290 Fix cnf format for MTLS
  • #4268 AddOidcStateDataFormatterCache broken with new JSON serializer
  • #4145 Error Response with invalid redirection URI on authorize endpoint
  • #4129 Fix logger category name for BackChannelLogoutHttpClient
  • #4095 Return invalid_grant when redirect_uri is invalid on token endpoint
  • #4075 Error Response with invalid redirection URI
  • #4037 Bug Fix #4036 - missing crv value when passing JsonWebKey to AddSigni…

enhancements

  • #4361 Extend JWT token validation to accept space separated scopes
  • #4360 Adapt JWT request validation to latest JAR spec
  • #4357 Add iat to access tokens
  • #4352 Emit jti by default
  • #4343 Add option to set SameSite mode for internal cookies
  • #4342 Add option to emit scopes as space separated string in JWT (as opposed to array)
  • #4245 Strict redirect uri validator app auth with path
  • #4237 Make aspid profile service more extensible
  • #4235 end session changes: IsActive no longer called and no longer default to a single redirect uri
  • #4234 Use non-case sensitive string for any ids
  • #4227 switch to named HTTP clients from factory (instead of typed)
  • #4226 Reduce usage of Newtonsoft.Json
  • #4210 add sid and device description to grants table
  • #4208 add support for handling multiple prompt values
  • #4204 Add API to interaction service to return error to client
  • #4203 Improve query on cors origins. #3395
  • #4202 include sid (if present) in access tokens #3955
  • #4153 private_key_jwt updates
  • #4026 Added AddUserSession extension method
  • #4024 Add JAR support
  • #4019 Add client setting to require request object
  • #3979 Added notification for device code removal
  • #3969 Make cnf part of Token model
  • #3962 MTLS Update
  • #3892 V4: Multiple signing keys
  • #3761 Add a client setting to require request objects
  • #3732 Remove unused SaveChanges APIs in EF DbContext Interfaces
  • #3692 Removed obsolete code
  • #3413 IUserSession.CreateSessionIdAsync should return sid
  • #3395 Improve query on cors origins.

breaking changes

  • #4335 Remove public origin setting
  • #4199 scope validation refactor
  • #3939 Update PKCE and Consent default settings on Client
  • #3888 Cleanup SignInAsync extension methods
  • #3887 V4: Make client claims serialization friendly

3.1.3

27 Apr 07:36
Compare
Choose a tag to compare

Bug

  • #3981 Updated cache expiration to use current time

4.0 Preview 3

31 Mar 15:50
88afb8f
Compare
Choose a tag to compare
4.0 Preview 3 Pre-release
Pre-release

As part of this release we had 32 issues closed.
Next big release - after ASP.NET Core 3.1

bugs

  • #4145 Error Response with invalid redirection URI on authorize endpoint
  • #4129 Fix logger category name for BackChannelLogoutHttpClient
  • #4095 Return invalid_grant when redirect_uri is invalid on token endpoint
  • #4075 Error Response with invalid redirection URI
  • #4037 Bug Fix #4036 - missing crv value when passing JsonWebKey to AddSigni…

enhancements

  • #4237 Make aspid profile service more extensible
  • #4235 end session changes: IsActive no longer called and no longer default to a single redirect uri
  • #4234 Use non-case sensitive string for any ids
  • #4227 switch to named HTTP clients from factory (instead of typed)
  • #4226 Reduce usage of Newtonsoft.Json
  • #4210 add sid and device description to grants table
  • #4208 add support for handling multiple prompt values
  • #4204 Add API to interaction service to return error to client
  • #4203 Improve query on cors origins. #3395
  • #4202 include sid (if present) in access tokens #3955
  • #4153 private_key_jwt updates
  • #4026 Added AddUserSession extension method
  • #4024 Add JAR support
  • #4019 Add client setting to require request object
  • #3979 Added notification for device code removal
  • #3969 Make cnf part of Token model
  • #3962 MTLS Update
  • #3892 V4: Multiple signing keys
  • #3761 Add a client setting to require request objects
  • #3732 Remove unused SaveChanges APIs in EF DbContext Interfaces
  • #3692 Removed obsolete code
  • #3413 IUserSession.CreateSessionIdAsync should return sid
  • #3395 Improve query on cors origins.

breaking changes

  • #4199 scope validation refactor
  • #3939 Update PKCE and Consent default settings on Client
  • #3888 Cleanup SignInAsync extension methods
  • #3887 V4: Make client claims serialization friendly

3.1.2

20 Feb 08:26
Compare
Choose a tag to compare

As part of this release we had 119 commits which resulted in 1 issue being closed.

bug

  • #4100 Fix TypeLoadException with 3.1.x and Microsoft Template

3.1.1

06 Feb 15:00
Compare
Choose a tag to compare

As part of this release we had 3 issues closed.

bug

  • #3935 Fix user code param name in DeviceController

enhancements

  • #4056 Configurable JWK content type for 3.1.x
  • #4043 Add crv parameter when key is loaded from a JsonWebKey

3.1

20 Dec 16:01
Compare
Choose a tag to compare
3.1

As part of this release we had 74 commits which resulted in 11 issues being closed.

bugs

  • #3880 Custom URI schemes for Allowed CORS Origins failing in DefaultClientConfigurationValidator
  • #3879 Append to any existing "Vary" response header when setting response header
  • #3775 /resources claim still present in IdentityServerTools

enhancements

  • #3895 use asynchronous EF methods
  • #3893 Ignore invalid post_logout_redirect_uri
  • #3891 Add option to prevent automatic lower-casing of Issuer url #3600
  • #3885 Username with empty password - TokenRequestValidator
  • #3881 Prevent current window from processing requests in check session JS
  • #3823 Cache the CheckSessionResult Script string
  • #3756 generate and return session_state for error authorization responses that are prompt=none

breaking change

  • #3699 Make these extension methods internal

2.5.4

11 Dec 16:16
7fb5b9b
Compare
Choose a tag to compare

enhancements

  • #3602 Microsoft.AspNetCore.Authentication.Abstractions nuget package deleted
  • #3523 move logging before removal so the PromptMode is included in the logging

3.0.2

23 Oct 15:17
Compare
Choose a tag to compare

As part of this release we had 4 issues closed.

bugs

  • #3704 Change HttpRequest/Response extension method namespace
  • #3645 Honour EnableDeviceAuthorizationEndpoint in IsEndpointEnabled

enhancements

  • #3760 Bring back /resources audience for legacy token validation scenarios
  • #3727 EF Core 3.0 Performance Fix

3.0.1

25 Sep 14:41
Compare
Choose a tag to compare

Update to ASP.NET Core 3 RTM