This repository has been archived by the owner on Jul 31, 2024. It is now read-only.
Releases: IdentityServer/IdentityServer4
Releases · IdentityServer/IdentityServer4
2.0.5
2.0.4
As part of this release we had 7 issues closed.
bugs
- #1778 Update ASP.NET Core dependnecy for recent Url.IsLocal vulnerability fix
- #1748 Remove unsafe-inline for Edge from CSP
- #1715 Consider if Referrer-Policy is useful in QS host
- #1710 Fix default caching code comments
- #1697 Parameters twisted for GetConsentKey
- #1607 Http.Sys implementation with Windows Integrated Authentication
- #1598 Set NoCache headers for discovery document if CacheInterval is set to 0
2.0.3
2.0.2
2.0.1
2.0
As part of this release we had 68 issues closed.
bugs
- #1580 add options validation at startup time
- #1574 Decorators in DI should wrap last service in DI (not first)
- #1477 Don't use default signin scheme -- be explicit and use auth scheme
- #1453 Error: Collection was modified; enumeration operation may not execute.
- #1370 dotnet core 2.0 cookie authentication uses samesite = lax as default
- #1283 ICustomAuthorizeRequestValidator ErrorDescription not bubbled up
- #1276 Remove Enabled check from InMemoryClientStore
- #1258 Client secret stilling being logged in 1.5.1/1.5.2
- #1250 idp:Negotiate on acr_values does not work!
- #1217 Removed duplicate scopes
- #1144 Add condition to logging in IntrospectionResponseGenerator.AreExpectedScopesPresent
- #1101 CorsPolicyService implementation not being picked up...
enhancements
- #1576 Separate callback route endpoints from base route endpoints
- #1571 Add PairWiseSubjectSalt to Client
- #1523 Consider adding IsActive to TestUser
- #1518 Consider ISystemClock?
- #1514 Make Endpoint class public to allow custom routing
- #1482 Add authN scheme diagnostics logging at startup
- #1475 user session rework to allow changing user from custom authorize logic
- #1473 support using configuration binder
- #1471 Add ICorsPolicyService caching layer
- #1457 Consider properties collection on Client
- #1443 Install .NET Core 2.0 in Travis Builds
- #1438 [Feature] Allow to manually override host and base path with custom values
- #1431 Make InputLengthRestrictions.TokenHandle configurable
- #1401 Enable Tests for both netcoreapp2.0 and net461
- #1395 make it easier to reject an authorization request from the login page…
- #1391 make endpoint router extensible #1364
- #1389 remove XFO from end session callback iframe #1224
- #1367 Propagate parsed secret throughout token validation pipeline
- #1354 automatically add store implementations to DI when adding cached stores
- #1326 added "alg" to JsonWebKey and DiscoveryResponseGenerator
- #1272 Move PersistedGrantTypes to public constants
- #1270 Feature: Allow PKCE on demand
- #1252 Add copyright to check_session_iframe code
- #1246 Consider better UTC now helper
- #1235 Change DefaultGrantStore.GetHashedKey to virtual
- #1228 Allow PKCE on demand (without explicit configuration)
- #1165 Consider enforcing unique names in InMem stores
- #1138 add same overloads for validation keys as signing keys
- #1135 Consistent expiration handling
- #1084 Consistent expiration handling
- #1081 Add helper to register IRedirectUriValidator
- #1066 Deal with Azure AD federation gateway problem
- #1060 make resource base class for api and identity resources
- #1002 Add support for getting IdentityServer error details in ErrorMessage
- #951 Consider a Client setting to set a consent expiration
- #870 New Feature: Allow the ability to validate a refresh_token
- #846 consider decoupling GetIdentityServerUser APIs from cookie middleware
breaking changes
- #1534 Consider making client claims prefix value configurable
- #1487 Add refresh token validator as part of ITokenValidator
- #1446 Use default schemes plumbing
- #1402 consider using default authN scheme
- #1394 Update to ASP.NET Core v2
- #1375 Only revoke specific refresh token (not all for client)
- #1344 Consider RequireConsent = false by default
- #1277 GetAllResources on IResourceStore should be named "Async"
- #1139 Remove AddTemporarySigningCredential in 2.0
- #1073 Token revocation cleanup
- #1055 Support ASP.NET Core 2.0
- #1049 Check extensibility points for v2 rework
- #1044 Change AddFilteredClaims to AddClaims on the ProfileContext
- #1042 Refactor token response generator for cleaner extensibility
- #1003 Removed redundant client parameter from IClaimsService
- #1001 Introspection re-work
- #874 Change client allowed grant types to ICollection
- #848 Change ICustomAuthorizeRequestValidator.ValidateAsync to not return AuthorizeRequestValidationResult
- #746 Update logout implementations
1.5.1
1.5.0
As part of this release we had 7 issues closed.
bugs
- #1036 ids4 configured to use external Login page and hosted in an application within iis produces duplicated path in the returnUrl
- #1030 Create new collection when implying all scopes if none requested
enhancements
- #1048 Resolve ICorsPolicyProvider dynamically from DI from CorsPolicyProvider
- #1025 DefaultGrantStore checking expiration, logging expired grants as not found
- #965 AuthorizeResult and ErrorMessage discard the ErrorDescription in AuthorizeResponse
- #810 Consider ability to define cache-control header for discovery endpoint
- #579 Consider cors caching