Skip to content

@leastprivilege leastprivilege released this Jul 12, 2019 · 10 commits to master since this release

As part of this release we had 44 issues closed.

bugs

  • #3404 HashedSharedSecretValidator does not catch null value
  • #3391 Added check to scope validator for missing identity and api scopes
  • #3388 repro PR for Incorrect secret type for missing secret in BasicAuth #2975
  • #3358 DefaultTokenService - access token claims without distinct
  • #3330 Object reference not set to an instance of an object - when calling RequestClientCredentialsTokenAsync
  • #3325 ids4 configured to use external ConsentUrl duplicates path in ReturnUrl
  • #3320 Include identity resource properties in GetAllResourcesAsync
  • #3282 Add vary by origin for Cache-Control on disco endpoints
  • #3128 Latest Identity Server 4 OIDC Form Post doesn't work when run in a WinForms WebBrowser control
  • #3013 IdentityServer4.Models.ApiResourceExtensions.CloneWithScopes does not clone properties
  • #2875 code flow with fragment response mode is not allowed

enhancements

  • #3422 Add claims transformation event to local API authN handler
  • #3409 add AddValidationKeys signature accepting X509Certificate2[] (#3383)
  • #3406 add scope to all token responses
  • #3392 Added scope param to token endpoint for device grant type
  • #3382 add message store abstraction on authorization request params
  • #3298 should never cache temporary data with no expiration
  • #3276 Handle unknown idp at login
  • #3257 Make EntityFramework.Stores*Store.cs private fields accessible for derived Classes
  • #3254 Prototype for pluggable authN MW
  • #3243 Use Task.CompletedTask to reduce allocations
  • #3242 Consider global switch to disable request_uri feature
  • #3241 Add support for signed authorize requests
  • #3234 Add Client.Id and to UserLoginSuccessEvent and UserLoginFailureEvent
  • #3229 Make back channel signout a first class service
  • #3227 Recompilation required for EF.Storage with latest AutoMapper 8.1.0 due to signature change
  • #3219 Add JWK support in JwtRequestValidator
  • #3215 LogInformation changed to LogDebug
  • #3201 Allowed usage of relative and absolute verification URIs for device authorization
  • #3200 Device Code Cleanup
  • #3193 Add validation for cors origins that aren't valid
  • #3183 Add support to carry an error description back to third party clients on authorize error results
  • #3160 PersistedGrants missing index on Expiration column
  • #3148 call flush async #3096
  • #3143 Log request details on more log messages
  • #3139 Back-Channel Logout Token: Allow configuring additional claims
  • #3059 Fixed bug where the Subject was not being set on the ValidatedRequest and would not end up in the TokenIssuedSuccessEvent using Code flow
  • #2938 Provide more flexibility in the DefaultUserSession cookie management
  • #2893 Make ProtectedDataMessageStore public
  • #2884 Generate a token with claims from IdentityServerTools
  • #2859 Support HttpClientFactory for back channel signout
  • #2846 Adjust "Authentication scheme Bearer is configured for IdentityServer, but it is not a scheme that supports signin (like cookies)"
  • #2539 Consider Add or Replace Endpoint extension method
  • #1958 Add client_id to ErrorMessage when Authorization request failed
Assets 2
You can’t perform that action at this time.