2.0

@brockallen brockallen released this Oct 5, 2017 · 511 commits to dev since this release

Assets 2

As part of this release we had 68 issues closed.

bugs

  • #1580 add options validation at startup time
  • #1574 Decorators in DI should wrap last service in DI (not first)
  • #1477 Don't use default signin scheme -- be explicit and use auth scheme
  • #1453 Error: Collection was modified; enumeration operation may not execute.
  • #1370 dotnet core 2.0 cookie authentication uses samesite = lax as default
  • #1283 ICustomAuthorizeRequestValidator ErrorDescription not bubbled up
  • #1276 Remove Enabled check from InMemoryClientStore
  • #1258 Client secret stilling being logged in 1.5.1/1.5.2
  • #1250 idp:Negotiate on acr_values does not work!
  • #1217 Removed duplicate scopes
  • #1144 Add condition to logging in IntrospectionResponseGenerator.AreExpectedScopesPresent
  • #1101 CorsPolicyService implementation not being picked up...

enhancements

  • #1576 Separate callback route endpoints from base route endpoints
  • #1571 Add PairWiseSubjectSalt to Client
  • #1523 Consider adding IsActive to TestUser
  • #1518 Consider ISystemClock?
  • #1514 Make Endpoint class public to allow custom routing
  • #1482 Add authN scheme diagnostics logging at startup
  • #1475 user session rework to allow changing user from custom authorize logic
  • #1473 support using configuration binder
  • #1471 Add ICorsPolicyService caching layer
  • #1457 Consider properties collection on Client
  • #1443 Install .NET Core 2.0 in Travis Builds
  • #1438 [Feature] Allow to manually override host and base path with custom values
  • #1431 Make InputLengthRestrictions.TokenHandle configurable
  • #1401 Enable Tests for both netcoreapp2.0 and net461
  • #1395 make it easier to reject an authorization request from the login page…
  • #1391 make endpoint router extensible #1364
  • #1389 remove XFO from end session callback iframe #1224
  • #1367 Propagate parsed secret throughout token validation pipeline
  • #1354 automatically add store implementations to DI when adding cached stores
  • #1326 added "alg" to JsonWebKey and DiscoveryResponseGenerator
  • #1272 Move PersistedGrantTypes to public constants
  • #1270 Feature: Allow PKCE on demand
  • #1252 Add copyright to check_session_iframe code
  • #1246 Consider better UTC now helper
  • #1235 Change DefaultGrantStore.GetHashedKey to virtual
  • #1228 Allow PKCE on demand (without explicit configuration)
  • #1165 Consider enforcing unique names in InMem stores
  • #1138 add same overloads for validation keys as signing keys
  • #1135 Consistent expiration handling
  • #1084 Consistent expiration handling
  • #1081 Add helper to register IRedirectUriValidator
  • #1066 Deal with Azure AD federation gateway problem
  • #1060 make resource base class for api and identity resources
  • #1002 Add support for getting IdentityServer error details in ErrorMessage
  • #951 Consider a Client setting to set a consent expiration
  • #870 New Feature: Allow the ability to validate a refresh_token
  • #846 consider decoupling GetIdentityServerUser APIs from cookie middleware

breaking changes

  • #1534 Consider making client claims prefix value configurable
  • #1487 Add refresh token validator as part of ITokenValidator
  • #1446 Use default schemes plumbing
  • #1402 consider using default authN scheme
  • #1394 Update to ASP.NET Core v2
  • #1375 Only revoke specific refresh token (not all for client)
  • #1344 Consider RequireConsent = false by default
  • #1277 GetAllResources on IResourceStore should be named "Async"
  • #1139 Remove AddTemporarySigningCredential in 2.0
  • #1073 Token revocation cleanup
  • #1055 Support ASP.NET Core 2.0
  • #1049 Check extensibility points for v2 rework
  • #1044 Change AddFilteredClaims to AddClaims on the ProfileContext
  • #1042 Refactor token response generator for cleaner extensibility
  • #1003 Removed redundant client parameter from IClaimsService
  • #1001 Introspection re-work
  • #874 Change client allowed grant types to ICollection
  • #848 Change ICustomAuthorizeRequestValidator.ValidateAsync to not return AuthorizeRequestValidationResult
  • #746 Update logout implementations