1.0.2

@leastprivilege released this Jan 15, 2017 · 35 commits to dev since this release

As part of this release we had 3 issues closed.

bugs

  • #691 Always invoke profile service even if no claims requested
  • #681 Only load resources on discovery endpoint when needed

enhancement

  • #692 Update to latest MS.IdentityModel

1.0.1

@leastprivilege released this Jan 9, 2017 · 49 commits to dev since this release

As part of this release we had 5 issues closed.

bugs

  • #650 Exception in IIS when using windows authentication
  • #646 Typo in log message in EndpointRouter.cs
  • #645 Correct use of IHttpContextAccessor

enhancements

  • #660 Consider more defensive handling for deserialization of JSON in persisted grants.
  • #659 Relax form-action CSP on authorize response

1.0.0

@leastprivilege released this Dec 22, 2016 · 85 commits to dev since this release

As part of this release we had 22 issues closed.

bug

  • #586 PersistedGrantStore should implement expiration logic

enhancements

  • #624 Consider exposing PersistentGrantSerializer as interface
  • #623 Use ReadFormAsync instead of Form on HttpRequest
  • #619 Consider DateTimeHelper to be public as well as its UtcNowFunc
  • #618 Add overload to AddSigningCredential that allows adding by thumbprint
  • #615 Make sure all extensibility interfaces are public
  • #614 Consider moving handle generation into stores
  • #613 Get rid of .Default namespace
  • #612 Introduce handle generation service
  • #606 Remove eventing for 1.0
  • #600 Research extension custom grant validation result without sub
  • #595 Remove InMemoryUser from Core and move to Quickstart UI
  • #587 If claims are filtered (e.g. protocol claims) - emit a log entry
  • #585 Add constants for token types
  • #580 Add at_hash to id_token from token endpoint
  • #578 make ResourceExtensions public
  • #571 Provide easy way to create an access token
  • #570 Add Windows authentication support
  • #569 Cleanup UI
  • #542 Update to ASP.NET 1.1
  • #528 allow claims to be configured to always be included in id_token
  • #523 Check amr in RO flow

RC5

@leastprivilege released this Dec 8, 2016 · 157 commits to dev since this release

As part of this release we had 6 issues closed.

bug

  • #527 Too many scopes from API resource included when querying resource store

enhancements

  • #549 Update Travis to .NET 1.1
  • #547 Support prompt=select_account
  • #534 Expose redirect_uri in authorization context
  • #522 Propagate API names as audiences to the access token
  • #415 Issue a notice when IdSrv uses an expired certificate for token signing

RC4-Update1

@leastprivilege released this Dec 2, 2016 · 194 commits to dev since this release

As part of this release we had 8 issues closed.

bug

  • #512 Scope display name not getting set

enhancements

  • #526 Don't require credentials for implicit clients on revocation endpoint
  • #525 Remove user claims and change to string collection on resources
  • #524 Include API resource names in access token audiences
  • #521 Do we need UserClaim.Description?
  • #520 Do we need ApiResource.Description?
  • #499 Consider removing AllowAccessToAllScopes
  • #390 Add CSP to host UI

  • Dec 2, 2016

    RC4-Update1

    Include API resource names in access token audiences (#524)
    * allow multiple aud claims in tokens
    
    * add api resource name(s) as audience(s) to access token

RC4

@leastprivilege released this Nov 30, 2016 · 215 commits to dev since this release

As part of this release we had 10 issues closed.

bugs

  • #475 CSP security headers do not work in Microsoft Edge Browser
  • #470 CustomTokenRequestValidationContext.Result.IsError = true - Throws exception

enhancements

  • #509 new resource based configuration changes
  • #503 Remove role scope/claim from all sample code
  • #502 Fixes #487 - Name of the session cookie is derived from EffeciveAuthenticationScheme
  • #496 Consider removing ClaimsRule
  • #495 Consider removing IncludeAllClaimsForUser
  • #482 Updated docs for code that doesn't break the program
  • #429 reworked persisted grant service and split into separate interfaces

RC3

@leastprivilege released this Nov 5, 2016 · 244 commits to dev since this release

As part of this release we had 20 issues closed.

bugs

  • #441 session id being overwritten while user logged in
  • #438 RequireSignOutPrompt on Client is Missing
  • #392 Removing session id cookie when user no longer authenticated is incorrect
  • #384 Rename InMemoryLoginService.cs

enhancements

  • #459 Add client protocol check at token endpoint
  • #440 add signout for external idp in UI
  • #436 Change InMemoryUser to support collection initializers
  • #426 Update docs and samples for new API surface
  • #425 Add extensibility properties to Client class
  • #418 Make GetAuthorizationContextAsync extensible
  • #405 Add Login/Logout related events
  • #404 Remove "AddDeveloperIdentityServer"
  • #389 Add logging to cache
  • #388 Add more context to IsActive
  • #381 Disable plain text PKCE by default
  • #380 Check value type for auth_time
  • #368 The naming of AddInMemoryStores
  • #279 Register AddMemoryCache in our AddInMemoryCaching
  • #242 Add CSP/XFO security headers
  • #166 Enable authorize/token validation pipeline extensibility

Pre-release

RC2

@brockallen released this Oct 7, 2016 · 328 commits to dev since this release

As part of this release we had 30 issues closed.

bugs

  • #365 Possible NullRefException in UserInfo
  • #354 Claims valueType serialization : Introspection endpoint
  • #287 License URL in IdentityServer4-1.0.0-rc1-update1 package is incorrect.
  • #282 Clear session id on incoming requests if user is no longer authenticated
  • #280 Primary key violation on Persisted Grants after deleting cookies
  • #277 Sometimes get a "idp claim is missing" with AspNetIdentity when authorizing
  • #274 Constants no longer public accessible

enhancements

  • #367 Docs: Update to RC2
  • #366 gen new sid on each login
  • #363 HashSet all the collections
  • #359 Consistently check for Enabled in Clients and Scopes
  • #325 Port "private_key_jwt" from IdentityServer3
  • #319 Consider ignoring IdP acr_value if IdP not in client allowed list
  • #318 Add logic/support to bypass HRD on login screen
  • #317 Add flag for IsAuthenticatedLogout on LogoutRequest
  • #315 Add "Remember me" functionality to sample UI
  • #301 rename quickstart to developer, moved in-mem
  • #299 Update to 1.0.1 ASP.NET Core packages
  • #298 Rename AddIdentityServerQuickstart to AddDeveloperIdentityServer
  • #288 Consider how to allow custom form post authorization response html
  • #286 Scope claim is always a string array
  • #285 tests for FederatedSignOutMiddleware
  • #272 AuthenticationManagerExtensions does not provide an overload that allows for setting persistent cookies
  • #265 Unit tests for client list cookie
  • #264 Unit tests for authN handler/session id
  • #263 Unit tests for persisted grant svc
  • #260 Consider builder extension method for registering IProfileService
  • #256 Verify logging consistency
  • #236 Cleanup result object style
  • #3 Check for our required services in UseIdentityServer
