This repository has been archived by the owner on Jul 31, 2024. It is now read-only.
Releases: IdentityServer/IdentityServer4
Releases · IdentityServer/IdentityServer4
2.3.0
As part of this release we had 71 issues closed.
next feature release
note
The EntityFramework library contains schema changes to previous version. You need to run migrations (see here).
bugs
- #2778 Invalid code on device flow user code page throws
- #2752 Endpoint returns wrong WwwAuthentication header
- #2742 Fix a typo in TokenErrorResult.cs
- #2729 Add null check on Consent page
- #2658 Corrected internal value for ParsedSecretTypes.JwtBearer
- #2604 Create jwk document when signing with JsonWebKey
- #2561 Update path to SQL scripts
- #2533 DistributedCacheStateDataFormatter should handle failed Unprotect workflows
- #2523 CorsService doesn't handle null for origin
- #2504 DistributedCacheStateDataFormatter tries to unprotect null string
- #2499 fix ??-operator priority
- #2492 Refresh token is not redacted
- #2446 ReturnUrl in CustomRedirectResult?
- #2441 CloneWithScopes in ApiResource does not clone DisplayName
- #2358 Filter identity scopes and offline_access when no explicit scopes are specificed in client credentials
- #2336 Fix incorrect log message
- #2251 IdentityServer might log tokens in case of error
new features
enhancements
- #2783 Add AddPersistedGrantStore extension method for IIdentityServerBuilder
- #2780 Document device flow
- #2779 Document UserSsoLifetime
- #2745 Enhance object logging
- #2730 Unify empty string
- #2695 Changed level from error to warn on refresh token
- #2661 Be compatible with iOS 12 breaking changes
- #2646 Emit more logging and errors around authentication scheme at startup
- #2641 Support idp:local in host
- #2617 Change: error code in TokenValidator class
- #2611 Update secrets.rst
- #2609 Add per-client SSO lifetime
- #2607 Change: Made DefaultUserSession.AuthenticateAsync overrideable
- #2593 Switch to new cake build version
- #2582 redundant one line of code.
- #2577 Make sure all nugets publish the repo URL
- #2560 Consider making EndSessionRequestValidator public
- #2554 Should SessionId Cookies be considered "Essential"
- #2545 Make some internal types public to facilitate custom service implementations
- #2540 resolve login/logout url, et al from named options
- #2532 Consider resolving login url, et al from named options
- #2525 enable default client validator by default
- #2518 Add AsNoTracking for readonly queries
- #2517 Add explicit FK properties in EF entities to allow EF Core DataSeeding
- #2514 Add more strict cache control headers when softer headers are already added by HttpContext.SignInAsync
- #2513 Make AddScriptCspHeaders and AddStyleCspHeaders public
- #2512 Add parameters to IntrospectionRequestValidationResult - #2388
- #2509 Update all projects
- #2508 Move all repos to ASP.NET Core 2.1
- #2506 add invalid uri scheme validation
- #2489 IdentityServerAuthenticationService doesn't work well with the new dynamic/policy auth schemes in 2.1
- #2469 EndSession class should be public?
- #2460 Create abstractions package for Storage models and interfaces
- #2434 Consider redirect uri scheme blocked list
- #2402 IdentityServer4.AspNetIdentity's ProfileService readonly filelds should be protected
- #2393 Add details to logError in TokenRequestValidator
- #2374 Make client secret optional while parsing basic authentication secret
- #2359 During the cleanup token process, add support for an event when token is expired.
- #2357 Dont log SecurityTokenExpiredException as error, since it is not
- #2353 Sign nuget packages
- #2300 update the generated EF sql files
- #2299 Extract JWT payload creation to extension method
- #2298 Extension Grant flows need all the data of the request at the final build of the claims.
- #2285 Consider more metadata for clients and resources
- #2284 Add support for OAuth 2.0 Device Flow [WIP]
- #2280 Client missing description while EF Client has it.
- #2271 AdminUI Custom Database Tables
- #2264 ClientSecret exceeds the MaxLength value
- #2249 Consider Properties on ApiResource and IdentityResource EF models
- #2218 GetErrorContextAsync does not always return description.
- #2055 Consider create datetime on ClientSecret
breaking change
- #2524 Remove obsolete constructor on DefaultCustomTokenValidator
2.3 Preview 2
As part of this release we had 65 issues closed.
next feature release
bugs
- #2752 Endpoint returns wrong WwwAuthentication header
- #2742 Fix a typo in TokenErrorResult.cs
- #2729 Add null check on Consent page
- #2658 Corrected internal value for ParsedSecretTypes.JwtBearer
- #2604 Create jwk document when signing with JsonWebKey
- #2561 Update path to SQL scripts
- #2533 DistributedCacheStateDataFormatter should handle failed Unprotect workflows
- #2523 CorsService doesn't handle null for origin
- #2504 DistributedCacheStateDataFormatter tries to unprotect null string
- #2499 fix ??-operator priority
- #2492 Refresh token is not redacted
- #2446 ReturnUrl in CustomRedirectResult?
- #2441 CloneWithScopes in ApiResource does not clone DisplayName
- #2358 Filter identity scopes and offline_access when no explicit scopes are specificed in client credentials
- #2336 Fix incorrect log message
- #2251 IdentityServer might log tokens in case of error
new features
enhancements
- #2745 Enhance object logging
- #2730 Unify empty string
- #2695 Changed level from error to warn on refresh token
- #2661 Be compatible with iOS 12 breaking changes
- #2641 Support idp:local in host
- #2617 Change: error code in TokenValidator class
- #2611 Update secrets.rst
- #2609 Add per-client SSO lifetime
- #2607 Change: Made DefaultUserSession.AuthenticateAsync overrideable
- #2593 Switch to new cake build version
- #2582 redundant one line of code.
- #2560 Consider making EndSessionRequestValidator public
- #2554 Should SessionId Cookies be considered "Essential"
- #2545 Make some internal types public to facilitate custom service implementations
- #2540 resolve login/logout url, et al from named options
- #2532 Consider resolving login url, et al from named options
- #2525 enable default client validator by default
- #2518 Add AsNoTracking for readonly queries
- #2517 Add explicit FK properties in EF entities to allow EF Core DataSeeding
- #2514 Add more strict cache control headers when softer headers are already added by HttpContext.SignInAsync
- #2513 Make AddScriptCspHeaders and AddStyleCspHeaders public
- #2512 Add parameters to IntrospectionRequestValidationResult - #2388
- #2509 Update all projects
- #2508 Move all repos to ASP.NET Core 2.1
- #2506 add invalid uri scheme validation
- #2489 IdentityServerAuthenticationService doesn't work well with the new dynamic/policy auth schemes in 2.1
- #2469 EndSession class should be public?
- #2460 Create abstractions package for Storage models and interfaces
- #2434 Consider redirect uri scheme blocked list
- #2402 IdentityServer4.AspNetIdentity's ProfileService readonly filelds should be protected
- #2393 Add details to logError in TokenRequestValidator
- #2374 Make client secret optional while parsing basic authentication secret
- #2359 During the cleanup token process, add support for an event when token is expired.
- #2357 Dont log SecurityTokenExpiredException as error, since it is not
- #2353 Sign nuget packages
- #2300 update the generated EF sql files
- #2299 Extract JWT payload creation to extension method
- #2298 Extension Grant flows need all the data of the request at the final build of the claims.
- #2285 Consider more metadata for clients and resources
- #2284 Add support for OAuth 2.0 Device Flow [WIP]
- #2280 Client missing description while EF Client has it.
- #2271 AdminUI Custom Database Tables
- #2264 ClientSecret exceeds the MaxLength value
- #2249 Consider Properties on ApiResource and IdentityResource EF models
- #2218 GetErrorContextAsync does not always return description.
- #2055 Consider create datetime on ClientSecret
breaking change
- #2524 Remove obsolete constructor on DefaultCustomTokenValidator
2.3 Preview 1
As part of this release we had 40 issues closed.
next feature release
bugs
- #2533 DistributedCacheStateDataFormatter should handle failed Unprotect workflows
- #2523 CorsService doesn't handle null for origin
- #2504 DistributedCacheStateDataFormatter tries to unprotect null string
- #2499 fix ??-operator priority
- #2492 Refresh token is not redacted
- #2446 ReturnUrl in CustomRedirectResult?
- #2441 CloneWithScopes in ApiResource does not clone DisplayName
- #2358 Filter identity scopes and offline_access when no explicit scopes are specificed in client credentials
- #2336 Fix incorrect log message
- #2251 IdentityServer might log tokens in case of error
new feature
- #2440 Add built-in support for Confirmation (cnf)
enhancements
- #2525 enable default client validator by default
- #2518 Add AsNoTracking for readonly queries
- #2517 Add explicit FK properties in EF entities to allow EF Core DataSeeding
- #2514 Add more strict cache control headers when softer headers are already added by HttpContext.SignInAsync
- #2513 Make AddScriptCspHeaders and AddStyleCspHeaders public
- #2512 Add parameters to IntrospectionRequestValidationResult - #2388
- #2509 Update all projects
- #2508 Move all repos to ASP.NET Core 2.1
- #2506 add invalid uri scheme validation
- #2489 IdentityServerAuthenticationService doesn't work well with the new dynamic/policy auth schemes in 2.1
- #2469 EndSession class should be public?
- #2460 Create abstractions package for Storage models and interfaces
- #2434 Consider redirect uri scheme blocked list
- #2402 IdentityServer4.AspNetIdentity's ProfileService readonly filelds should be protected
- #2393 Add details to logError in TokenRequestValidator
- #2374 Make client secret optional while parsing basic authentication secret
- #2359 During the cleanup token process, add support for an event when token is expired.
- #2357 Dont log SecurityTokenExpiredException as error, since it is not
- #2353 Sign nuget packages
- #2300 update the generated EF sql files
- #2299 Extract JWT payload creation to extension method
- #2298 Extension Grant flows need all the data of the request at the final build of the claims.
- #2285 Consider more metadata for clients and resources
- #2280 Client missing description while EF Client has it.
- #2264 ClientSecret exceeds the MaxLength value
- #2249 Consider Properties on ApiResource and IdentityResource EF models
- #2218 GetErrorContextAsync does not always return description.
- #2055 Consider create datetime on ClientSecret
breaking change
- #2524 Remove obsolete constructor on DefaultCustomTokenValidator
2.2
As part of this release we had 16 issues closed.
bugs
- #2224 RequireCspFrameSrcForSignout = false does not sign out websites using front channel
- #2214 GetAcrValues() should call ToArray() internally
- #2176 Allow client ids with spaces in check session endpoint
- #2173 PublicOrigin with the value empty string results in invalid Issuer
- #2121 explicitly set the default value of base target in html response from AuthorizeResult
- #2080 Potential URL host encoding
enhancements
- #2220 Add ws-fed wsignoutcleanup support to front-channel signout notification
- #2219 Move IsPkceClient to UI
- #2211 Hide index view when not in development
- #2210 Add Events for grant management
- #2204 Split controllers in local login/logout and external challenge/callback
- #2200 Add client configuration validation infrastructure
- #2199 Added events for granted/denied consent
- #2194 Enhance scope validation to detect duplicates
- #2035 Add Content-Security-Policy options
- #1609 Consider adding events for introspection events
2.1.3
1.5.3
2.1.2
2.1.1
2.1
As part of this release we had 13 issues closed.
bug
- #1936 Fix string concat problem in log messages
enhancements
- #1909 Support external SAML2-P providers
- #1903 only emit session id cookie if check session endpoint is enabled
- #1879 Unlimited refresh lifetime
- #1817 Pass requested resources to profile service (where available)
- #1798 Allows overriding methods in default services
- #1780 Remove EnableWindowsAuth flag on QS AccountOptions
- #1766 add flag to relax frame-src csp header on signout response #1647
- #1736 Add redirect_uri parameter to ErrorUrl #1564
- #1733 detect non-unique scope names #1583
- #1718 Move the IsActive call from the custom token validator to the core token validatator
- #1684 Allow IdentityServerTools to not depend on HttpContext
- #1480 Include ui_locales to error page
2.0.6
As part of this release we had 7 issues closed.
bugs
- #1882 IdentityServerBuilder unnecessarily created twice
- #1880 Add button for noscript on authorize response form
- #1870 Make ExternalLoginScheme in quickstart UI more defensive
- #1861 Allow disabling resource owner password validation
- #1854 Problems with form-action CSP behind load palancer
- #1834 PublicOrigin should be used by UI code
- #1831 Refresh token response does not contain custom fields from custom token request validator