RELEASES.md

1.3.0 (14 March 2015)

• #1017 - session_state not available after keep me signed in selected
• #1010 - SignInMessageThreshold as an option? +enhancement
• #964 - Feature Request - Show logout redirect uri, after idsvr cookie has expired
• #1072 - Suppress Default host authentication
• #1066 - Question about ViewService customization
• #1065 - Requesting token with optional roles
• #1064 - [Question] Is it necessary to store StandardScopes in EF ScopeStore?
• #1063 - IdSrv for older browsers (IE7/8)
• #1061 - Add Refresh Token and expiration date of token to Web Api Response header.
• #1060 - Add a Gitter chat badge to README.md contributed by The Gitter Badger (gitter-badger)
• #1054 - Fixed mistake in IssueLoginCookie method contributed by Loc Tan Vo (loctanvo)
• #1053 - UseIdentityServerBearerTokenAuthentication add Bearer token to the Response header?
• #1050 - WsFederation question
• #1046 - Getting claims from facebook
• #1044 - SigninMessageThreshold as an option contributed by Loc Tan Vo (loctanvo)
• #1043 - Resource Owner Flow with Bearer Token Authorization
• #1042 - Instead of Cookies in the ClaimsIdentity can i use DefaultAuthenticationTypes.ApplicationCookie In the SigninCallback function in the Idsrv3
• #1041 - Resolving registrations in custom controllers/user service
• #1039 - Signing request to protected resource
• #1037 - Reworked Authorize Request Validation contributed by Dominick Baier (leastprivilege)
• #1036 - Pluralsight training
• #1035 - We cannot pass any custom errors information in AuthenticateResult
• #1034 - Extend Identity server to produce token based upon Soap Call result
• #1033 - Different CustomViewService for different clients
• #1032 - Log4Net not logging
• #1030 - TFA via Resource Owner Password Flow
• #1029 - IdentityServer on WebFarm
• #1027 - The client is disconnected because the underlying request has been completed. There is no longer an HttpContext available.
• #1026 - Authorize endpoint redirects to invalid redirect_uri if there are invalid params
• #1025 - Custom Views in an OWIN Worker Role
• #1024 - Localizing login/logout per user language
• #1023 - add flag to configure cookie secure flag contributed by Brock Allen (brockallen)
• #1022 - Why we are using Request.GetOwinContext().Authentication.SignIn(id) ?
• #1021 - DefaultViewService coupled with ViewEngine
• #1020 - What happens when IIS Hosting this IdentityServer Re-cycles.
• #1019 - AuthorizationCode flow from a C# acceptance test and JavaScript
• #1018 - Mapping Username from 3rd party providers
• #1016 - NDC Video Link Broken
• #1015 - Identity Server V3 for Securing WCF Service?
• #1014 - Login form Loop - Implicit Flow
• #1013 - identity server with resource server works on iis express but not in iis
• #1012 - Loggin in after account verification.
• #1011 - In the client i am able to get the values in claims how to add claim id value to User.Identity.Name
• #1009 - Safari on Mac and iOS download endsessioncallback on loggedOut page
• #1008 - Multi-Tenant - Tenant for Logout, LoggedOut, Consent, ClientPermissions, and Error?
• #1007 - Purpose of Port 44321
• #1006 - Can't load controllers external to Core
• #1005 - CookieSecure in CookieOptions
• #1004 - setup federation gateway with two instances of identity server
• #1003 - After Consent Screen request is going from client application to server continously
• #1002 - a sample with OAuth2Configuration
• #997 - How to divide IdenityServer3 into 2 instances(one for Authentication and another for Authorization)
• #996 - OpenID issue on Chrome
• #995 - Custom User Service to authenticate against Active Directory
• #994 - Custom View Service Logged Out behavior
• #993 - Scope and audience question
• #992 - Cryptographic Exception on HostDataProtector provider
• #991 - In JavaScript Implicit Client Which is SignInCallback function.?
• #990 - MVC Client As Application - error?
• #988 - Single sign out
• #987 - Sign out all users
• #984 - assembly name update
• #975 - Extra claims provided to CustomGrantValidationResult constructor aren't included with resulting JWT
• #970 - OpenID Connect Hybrid Flow and IdentityServer v3
• #968 - Make ExternalIdentity FromClaims() public instead of internal contributed by Michel van den Berg (promontis)
• #967 - Make ExternalIdentity FromClaims() public instead of internal +enhancement
• #955 - Provide renewal of the Autofac IComponentContext in IDependencyResolver to allow runtime resolving of dependencies using factory func registrations
• #952 - UseOpenIdConnectAuthentication behavior
• #930 - Added the ability for custom code logging in to Identity Server (conceptual) contributed by Frans Lytzen (flytzen)
• #913 - Set Authentication Cookie to persistent for preauthenticate
• #541 - The assemblies delivered via the NuGet packages have an Authenticode signature
• #494 - Add "remember selection" for HRD
• #233 - Reconsider Consent Logic Rework

Commits: b51ab152ba...e50124f4ca

1.2.1 (27 February 2015)

• #989 - Question: Is the signing certificate needs to be installed on the client application (RP) side
• #986 - Serving subdomains with same CodeFlowClient
• #985 - Make client_id available in IsActiveAsync
• #983 - Fixed typo in ClientAuthenticationTests 'suport to support' contributed by Onat Yiğit Mercan (onatm)
• #982 - In the javascript client from idsrv3 sample
• #981 - Revert "Fixed typo in ClientAuthenticationTests 'suport to support'" contributed by Onat Yiğit Mercan (onatm)
• #980 - Fixed typo in ClientAuthenticationTests 'suport to support' contributed by Onat Yiğit Mercan (onatm)
• #979 - After logout from Idrsv3 Instead of showing core/logout Page i need show Login Page how i can get this..?
• #978 - Validate the client before redirecting to login +enhancement
• #977 - Permission to copy parts of documentation
• #976 - DI System flawed in cooperation with other IoC Containers
• #974 - ResourceActionAuthorize vs ResourceAuthorize Attribute
• #973 - Localization / I18n
• #972 - Javascript
• #971 - InitialConfiguration
• #969 - How do I redirect users to a predetermined url after login?
• #966 - #955 - Support for runtime resolving of dependencies using delegate factories contributed by Mathijs van Dijk (ambvdijk)
• #965 - Thinktecture and Microsoft Account Authentication
• #963 - How to implement Idsrv3 for Angular js.
• #962 - Revert "Fixed typo in ClientAuthenticationTests 'suport to support'" contributed by Dominick Baier (leastprivilege)
• #961 - Fixed typo in ClientAuthenticationTests 'suport to support' contributed by Onat Yiğit Mercan (onatm)
• #960 - Fix typo in ClientAuthenticationTests.cs
• #959 - Update claims on refresh token refresh contributed by Dominick Baier (leastprivilege)
• #958 - Having an issue with MVC Hybrid flow
• #957 - Add flags to allow auto redirects post logout
• #956 - The use of "post_logout_redirect_uri"
• #954 - Allow Client Credentials flow for any client contributed by Dominick Baier (leastprivilege)
• #953 - Identity server3: HTTP activity shows password in clear text
• #951 - Documentation suggestion for /advanced/customServices.html
• #950 - OWIN Client causes an infinite loop if you forget to add openid to the requested scope following the MVC OWIN Hybrid sample
• #949 - using "post_logout_redirect_uri"
• #948 - Claim Information not being passed
• #947 - Multi Tenancy Cookies
• #946 - Access Token Validation & Caching Problem
• #945 - Link users from several providers to a certain account
• #944 - How to divide IdenityServer3 into 2 instances(one for Authentication and another for Authorization)
• #943 - 401 not authorized with No redirecting to login page after Publishing on IIS
• #941 - How to get the sub values from claims in the client side
• #940 - Deploying identityserver to the GAC
• #939 - Infinite loop with local login disabled and only 1 external idp
• #938 - Difference Between These Two Projects
• #936 - OpenId Connect With OAuth2.0
• #935 - “An exception of type 'System.Security.Cryptography.CryptographicException' occurred in System.Security.dll but was not handled in user code”
• #934 - Remove Transitive Dependency on System.Web contributed by João Bragança (thefringeninja)
• #933 - Local/External Authorization without View.
• #932 - 401 trying to follow the Simplest Auth Walkthrough
• #931 - Nonce Validation Error on back button after initial login
• #929 - [InvalidOperationException: IDX10803: Unable to create to obtain configuration when running idp and client site as sub sites within the same domain
• #928 - vNext build missing wwwroot folder
• #927 - Building vNext branch - LibLog dependency changed?
• #926 - Preauthenticate_sync causes error
• #925 - AntiXssLibrary bringing in System.Web as a transitive reference. +enhancement
• #924 - simplest OAuth2 Authorization Server blows up with Client
• #923 - Custom View Service + Linking Logins
• #921 - Method Not Allowed trying to get Identity Server to work
• #920 - implemented paging in ITransientDataRepository contributed by Felipe Leusin (felipeleusin)
• #919 - Cached IdentityServerHost Value
• #918 - Name claim not included in ResourceOwner flow
• #917 - Only discover your own, internal, WebAPI controllers. contributed by Damian Hickey (damianh)
• #916 - Redirect URL Issue
• #915 - Allow Client Credentials flow for any client
• #914 - Refresh tokens lost on reboot?
• #912 - Clients Need to be available for particular user how to make that.?
• #911 - Can a client use ResourceOwner and ClientCredentials flows simultaneously?
• #910 - Not Authorized when signing out
• #909 - Log claims when external provider claims failure
• #908 - Instead of loading Predefined user list to the InMemoryUser ,How we can take single record from database based on is username and Password to this paricular record we have to authenticate.
• #907 - Creating authorization code in PreAuthenticateSync causes too many redirect error
• #905 - Upgrading from beta to 1.1.0
• #904 - User Import Registration Workflow Question
• #902 - Value of Reference Tokens, Hybrid Flow and CORS
• #898 - Unauthorized Issues
• #896 - Reference Token Cache Store
• #893 - IdentityServer 3 with ADFS in SPA
• #892 - Changed level from error to warn on refresh token contributed by John Korsnes (johnkors)
• #890 - Store access_token for multiple use
• #889 - Tests for DefaultLocalizationService contributed by John Korsnes (johnkors)
• #871 - EnableHttpLogging causes anti forgery token verification error during partial log in.
• #862 - EndSessionRequestValidator Log Non-authenticated as Warnings +enhancement
• #853 - ITransientDataRepository.GetAllAsync paging
• #833 - Support for IdP-initated SSO to Identity Server
• #823 - Question: Windows Authentication
• #816 - Question: Claims transformation and first time registration for third party Id Server.
• #810 - Add instance per http request to registration
• #802 - Better encapsulate service registrations that themselves have dependencies +enhancement
• #729 - Cors policy should be a service
• #666 - Automatic Logout After Timeout Period
• #584 - Allow CORS settings on Client registration
• #573 - Allow refreshing claims when refreshing access token

Commits: 9644d76162...db9646650c

1.1.1 (11 February 2015)

• #906 - Logout Confirmation Not Displayed When PostLogout Redirect Matches
• #903 - How to connect Identity server 3 with MembershipReboot
• #901 - External id provider and claims transforms
• #900 - Failed to migrate from the RC version to the 1.1.0
• #899 - Questions related to SPA with no backend
• #897 - In Identity server we are loading the user list before login page called..why we have to call like that..?
• #895 - IdentityServer as an OAuth 2 Authorization Server for Azure API Management
• #894 - "Big name" users of Thinktecture.IdentityServer3?
• #891 - AntiForgeryToken not working the provided samples
• #888 - Add Owin Middleware to Thinktecture and support DI containers
• #887 - authentication works correctly in iis express, but keeps on throwing 401 unatuhorized when hosted in iis
• #886 - Token Revocation in 1.1 (latest stable nuget) - 404 Response
• #885 - Question
• #884 - ICache Delete
• #883 - This repositories gh-pages branch is outdated
• #878 - Registration workflow
• #877 - Nuget package for core classes.
• #876 - Route Sharing / Extended Idv3 Route
• #875 - If am using Identity server 3 for my web application in that web api also there if i have added authorize for api then how i can call api from android application
• #874 - Relying Party Configuring With Thinktecture IdentityServer3 EntityFrameWork
• #873 - ‘JavaScript Implicit Client – TokenManager’ does not use AngularJs
• #872 - UserInfo and others drop Claim ValueType +enhancement
• #870 - Logout using multipe identityservers
• #869 - How to implement Thinktecture.IdentityServer3 For android application
• #868 - Value cannot be null exception after upgrade
• #867 - Error AccessTokenValidationEndpoint multiple request
• #865 - MembershipReboot and Roles
• #861 - MembershipReboot Integration Authentication Issues
• #859 - Migration path from Katana OAuth server middleware to IdSv3
• #857 - Welcome screen cannot be overridden with assets folder +enhancement
• #850 - Localization of resx messages
• #840 - IdentityServer 3 not returning custom claims
• #838 - The entity type IdentityRole is not part of the model for the current context.
• #836 - Getting firstname and lastname as claims
• #828 - Getting access to the Autofac Container
• #827 - Identity Server Configuration
• #795 - Consider SPOP spec
• #706 - Built-in support for 2FA
• #442 - Consider token introspection spec for validation endpoints
• #421 - Add support for token revocation
• #160 - Feature: Google Authenticator Integration

Commits: 4c78b42359...9d422a9c45

1.1.0 (04 February 2015)

• #866 - Set claims of type Constants.ClaimTypes.AuthenticationTime as number +enhancement
• #864 - 415 Unsupported Media Type from Token Endpoint
• #863 - Consent screen - can it be dropped?
• #858 - Add token revocation endpoint (RFC 7009) contributed by Dominick Baier (leastprivilege)
• #854 - After deploying Identity Server 3, i am getting access denied error how fix it..
• #852 - Fix for resource string not matching resx key invalid_scope contributed by John Korsnes (johnkors)
• #848 - Access and Refresh Tokens stay valid
• #842 - limiting or protecting CSP Report Endpoint? +enhancement
• #830 - WelcomeController + WsFederationController have same routes

Commits: 91a698c37e...b352a13332

1.0.2 (01 February 2015)

• #855 - Deriving from LogProvider
• #834 - idp not set in IUserService.IsActiveAsync on validating subject in refresh

Commits: 8d9adfa00f...41c0c791be

1.0.1 (01 February 2015)

• #856 - single sign-out multiple applications
• #851 - Sample for Session Management Spec?
• #849 - After Deploying Identity Server 3 in website i am Getting Access denied error in Cryptographic dll related issue
• #846 - Cert.Load() Error on shared hosting
• #845 - Discover all available roles
• #844 - Can we host our Identity server 3 in http instead of https
• #843 - Username returns \x40 intead of @
• #841 - How do I sign in to a specific tenant?
• #839 - Web API Auth'd but GetUserId() and GetUserName() extensions return null...
• #837 - Password change is effective only after process recycle
• #835 - Corrected samples link contributed by (jerackista)
• #832 - Debugging [Authorize]
• #831 - Custom Login: Use Thinktecture in background
• #829 - Owin env removed from the IViewService
• #826 - Reference Token Validation throws exception
• #825 - Token duration
• #824 - Reverse proxy redirect issue
• #822 - Consent page
• #821 - Reach claims from external provider in OpenIdConnectAuthenticationNotifications
• #820 - Notification after Token validation
• #819 - Injecting IClientStore and MessageCookie to MVC controllers
• #818 - Extending standard access token claims
• #817 - implementing support for ASP.NET SQL Membership
• #814 - Add length restrictions for authorize and token requests
• #813 - Add key length check for signing cert
• #811 - OpenID Connect, OAuth2 and User Details Syncronization
• #803 - Enhancement at the login page - PRG
• #800 - Logout from ADFS
• #785 - Rename PublicHostName and add code comment to describe usage
• #767 - Handle idp acr_value when idp is IdentityServer
• #763 - InMemoryAuthorizationCodeStore.GetAsync removes item from store
• #760 - The summary information for Client.RefreshTokenExpiration and Client.RefreshTokenUsage is switched.
• #756 - Handle invalid idp on authN controller
• #755 - Hide login with diff account menu when idp is present
• #753 - AllowLocalLogin doesn't work
• #748 - Pre-populate the username field based on the value of login_hint
• #696 - Add welcome page
• #588 - Rework logging everywhere
• #555 - How to build on mono?
• #261 - Cleanup embedded stylesheet

Commits: 0203fe8147...363c730297

1.0.0 (24 January 2015)

• #812 - adding custom controllers to extend functionality
• #809 - Post RTM: Solution for being able to authenticate users from trusted domains outside idsrv domain.
• #808 - Explicit enum values
• #807 - NormalizingClaimsFilter maps OpenId claim types to WIF instead of doing the opposite
• #806 - Add a Gitter chat badge to README.md contributed by The Gitter Badger (gitter-badger)
• #805 - Wiki documentation link is broken
• #804 - UserService is instantiated twice
• #801 - PromptMode = "select_account"
• #799 - JS Client WebAPI call and token refresh
• #798 - MVC Authentication Sample
• #797 - Identity Server admin portal
• #796 - Large token - caused "request exceeds the configured maxQueryStringLength"
• #793 - Add localization
• #792 - IdentityServer V3/MembershipReboot TwoFactor Auth
• #791 - Single Client may have multiple secrets
• #790 - Url too long on Access token validation endpoint
• #789 - How to remove IdSrv cookies
• #788 - Host Identity Server IIS
• #787 - Question: is it possible to allow any in the client RedirectUris?
• #786 - InMemoryFactory on a cluster environment
• #784 - Refresh token does not update claims
• #783 - How to Migrate from Identityserver v2 to Identityserver v3
• #782 - Update FormPostResponse.js contributed by (danielcrisp)
• #781 - Can you direct me to the extension point for adding custom scopes to the UserInfoEndpoint?
• #780 - Authentication Not Sticking
• #779 - Update FormPostResponse.js contributed by (danielcrisp)
• #778 - IE7 Error - querySelector
• #777 - View/Reset clients a user has granted consent to? (AllowRememberConsent/model.rememberConsent)
• #775 - Add a "client secret type" to the secret validator/client secret to prepare for client cert authN
• #774 - SlidingExpiration set to true not working on idsvr
• #773 - Add external logins to existing local login
• #772 - Configuring multiple Identity Servers
• #771 - Error occurred during a cryptographic operation
• #770 - Ajax call authentication within an OWIN client
• #769 - Customize x-frame-options header for authentication pages
• #768 - How to retrieve the login url?
• #766 - Redirect to login page from custom service
• #765 - Open ID Connect and native public app using Thinktecture.IdentityServer.v3
• #764 - Get Access to UserManager inside my own controller
• #762 - Missing signin cookie
• #761 - Adding to an Fsharp project causes compile error with Newtonsoft.Json.Serialization.CamelCasePropertyNamesContractResolver
• #759 - Saml2 support
• #757 - Architecture Advise For Multiple User Types + Shared Apis
• #754 - Client Ip Address int IUserService
• #752 - Added empty ctor to ClientSecret for serialization use contributed by John Korsnes (johnkors)
• #751 - Implict Flow missing hash on redirect
• #750 - Having idsvr deny Access when user doesn't have the required claim or scope
• #749 - Get username during SignOutAsync(ClaimsPrincipal subject)
• #746 - CookieAuthentication - get new token via Ajax
• #736 - Multiple Relaying Party Apps Signout issue
• #732 - Fix encoding of modulus in JWKS
• #730 - New Client Claims functionality strips the claim value type
• #728 - IdentityServerOptions.RequireSsl seems to break :/
• #725 - Allow auto redirect to external idp per client
• #721 - Is it safe to pass the access_token as a cookie to AngularJS?
• #718 - Consider also filling the UserName field on AuthenticationEventBase (for both success and failure)
• #717 - Rework events to use deferred excecution and move filtering logic to decorator
• #716 - Add authentication events
• #710 - Filter claims in CustomGrantValidationResult
• #707 - Add session relevant validation checks to authorize endpoint
• #705 - Client Secret Encryption +enhancement
• #704 - Don't show logout confirmation if valid id_token_hint is passed
• #701 - DisplayMode not set on ValidatedAuthorizeRequest
• #698 - Cleanup tests
• #690 - Cleanup authentication controller
• #689 - Reconcile endpoint settings and other settings (e.g. AuthenticationOptions)
• #688 - Only show enabled endpoints/features in discovery doc
• #687 - Purging message cookies fails when cookies that can not be decrypted exist
• #685 - URL Fragment code in StringExtensions breaks Identity Manager
• #682 - Add HTTP request/response logging
• #681 - Harmonize CustomGrantResult and AuthenticateResult
• #680 - Add support for an optional loginhint/tenant parameter to RO requests?
• #675 - Add custom grant client sample to standard clients sln
• #674 - Rework logging of Validators
• #670 - Remove IssuerUri from all hosts/samples
• #649 - Encoding of special characters in username upon failed authentication
• #642 - Output encode all all values on views (including the ones from the admin backend)
• #597 - Cleanup authorize controller
• #574 - Allow client credentials validation to be extensible
• #525 - Should long lived artifacts have a version number?
• #524 - Add events
• #510 - Relying party claims mapping "pass through" mode
• #483 - Sample for PreAuthenticateAsync
• #482 - Sample for IsActive
• #453 - Add XML comments for public object models
• #452 - Determine which classes are not useful for "outsiders" and thus should be internal
• #392 - Support client key rotation
• #375 - Restrict per client which custom grant types are allowed (when Flow is set to custom) ?
• #259 - Unit tests for refresh token service and store
• #30 - Implement Session Management Spec
• #18 - Windows 8 / Web Authentication Broker sample

Commits: ea7577971e...4a44a9f038

rc (12 January 2015)

• #747 - Resolve failed in RequireSSL middleware
• #745 - Registration vs RegistrationType
• #744 - Getting started. ResponseType = "id_token"
• #743 - /identity vs /core is there a semantic difference
• #742 - Android native app client OAuth2
• #741 - Exception when trying to get access token: "Invalid hashing algorithm for client secret."
• #740 - Error during Publish
• #739 - Question regarding single-sign on
• #738 - OwinContext RequestId is all zeros
• #737 - OwinEnvironmentService Environment not persisting data within same userSession
• #735 - Custom Provider
• #734 - Enhance custom grants
• #733 - Don't purge signin cookies on signout
• #731 - Specific Errors
• #727 - Failed login breaks username as email
• #726 - Why does ValidateCustomGrantRequestAsync return Invalid if no Principal?
• #724 - resource scopes to users
• #723 - How can we use Bearer Token in HTML Page
• #722 - Where is the stock MembershipReboot UserService implementation?
• #720 - PostLogoutRedirectUri not shown for Logout from consent screen
• #719 - Question: Refreshing access tokens when using implicit flow
• #715 - Problems overriding CSS for embedded Views
• #714 - When using Email as Username email gets encoded
• #713 - login button is disabled, if the login text fields are autofilled by chrome
• #712 - "Getting Started" section treats "RedirectUris" and "PostLogoutRedirectUris" as List instead of List
• #711 - "Getting started" page doesn't mention getting idsrv3test.pfx or adding it to project
• #709 - Client secret handling rework contributed by Dominick Baier (leastprivilege) +enhancement
• #708 - usernames with @ show as \x40
• #703 - Getting 401 Unauthorized with valid access token
• #702 - No consent view displayed in mvc step by step sample
• #700 - How to combine client authorization with user authorization
• #699 - post_logout_redirect_uri in implicit client
• #697 - Define new TOC for documentation
• #695 - Added unit test to check for types that are ILMerged but publicly exposed contributed by James Geall (jageall)
• #694 - Create documentation site
• #693 - Document new RO flow parameters
• #692 - Load Balancing - Round Robin
• #691 - Add session management contributed by Dominick Baier (leastprivilege)
• #686 - Fixes #687: Purging message cookies fails when cookies that can not be decrypted exist contributed by Catalin Bocirnea (ca-ta)
• #684 - How to make a form post after id_token timeouts
• #683 - HTTP Logging prototype contributed by Dominick Baier (leastprivilege)
• #679 - After upgrading to 1.0.0-beta4-1 I get error method not found when registering stores
• #678 - Is a custom grant validator necessary when adding custom claims?
• #677 - Identity Server Setup...
• #676 - ctx.Authentication.AuthenticateAsync(Constants.PartialSignInAuthenticationType) always null
• #672 - Correct authentication flow for cross service calls
• #669 - Federation With AD / AAD
• #668 - Add callback URI's for WinRT samples (Store & Phone) contributed by Kevin Dockx (KevinDockx)
• #665 - Question: Why is constructing an AuthenticateResult with a ClaimsPrincipal internal only?
• #663 - Multiple domain authentication
• #662 - Improve registration and DI API
• #659 - Refresh tokens can have different client Ids to the wrapped Token
• #657 - Include acr in token from cookie claims
• #656 - Improve error message when no signin cookie found
• #655 - Look into cleaning up sign messages
• #652 - No login hint in ExternalAuthentication
• #645 - Fully customise IViewService using MVC?
• #643 - HSTS App Builder Extension doesn't allow a zero time duration for max-age
• #638 - Automatic login after registration
• #634 - Support for Azure AppInsights (CSP otions) +enhancement
• #633 - Reorg assets
• #601 - LoginProviders in external identity providers.
• #592 - Create a Web API trace writer for IdSrv's LogProvider
• #581 - Consider service interface for message localization
• #549 - Add claims to Client model
• #536 - Is there a before you deploy checklist or document yet?
• #476 - Update AuthenticationOptions docs
• #468 - Documentation for new file based views service
• #467 - Add walkthrough for JS based apps
• #324 - Performance improvements
• #249 - 2FA

Commits: 9508c6d1dd...2c0ef5f7dc

beta4-1 (23 December 2014)

• #673 - Configuring Clients and Scopes from a UI
• #671 - Question: Looking for further help with config & SSL trust
• #667 - DI Update contributed by Dominick Baier (leastprivilege)
• #664 - [wiki] Getting started walkthourgh issues
• #661 - add localization service contributed by Brock Allen (brockallen)
• #660 - Fixes #659 : Change RefreshToken to use ClientId from token contributed by James Geall (jageall)
• #654 - Login Hint in SigninMessage
• #653 - OAuth2 State and NOnce
• #651 - Question: how to get claims to client via OpenId but without UserInfoClient
• #650 - Adding client claims contributed by Dominick Baier (leastprivilege)
• #648 - Infinite Loop in Firefox
• #647 - Single Sign Out
• #646 - Implicit Grant, resource scope + role claims in access token
• #644 - Merge pull request #1 from thinktecture/master contributed by Anders Vindberg (vindberg)
• #641 - Token Endpoint for password grant_type
• #640 - Loggin Trace Events from Membership Reboot
• #639 - Use Email as UserName
• #637 - Update README.md contributed by Daníel B. Sigurgeirsson (danielbsig)
• #636 - FormPostResponse.html add meta data
• #635 - Resource/Action Based Authorization
• #632 - [wiki] Info on how to load the certificate from Azure Websites
• #631 - Inject reference token id or jti in IsActive?
• #626 - Require 2-Factor for certain areas
• #623 - Allow returning error message from custom grant validator
• #622 - Remove all OWIN environment parameters on methods - use resolvable environment instead
• #614 - Make OWIN environment resolvable via DI
• #606 - Logging is confusing in Validation\AuthorizeRequestValidator.cs
• #605 - Replace Guids with RNG generated numbers
• #590 - Allow enabling Web API internal diagnostics via idsrv options?
• #578 - CookieOptions Prefix doesn't change the idsrv.xsrf Cookie Name +enhancement
• #571 - SHA256 Hash Algorithm Not FIPS Compliant
• #568 - Trying to use WSFederation in ASP.NET MVC implementation
• #567 - Fixes #566 contributed by Norbert Eder (norberteder)
• #566 - Redirect-Issue when using reverse proxy and PublicHostName
• #564 - Replace DateTime with DateTimeOffset
• #562 - Consider making AuthenticateResult ctor easier
• #552 - Change IScopeStore to only load necessary scopes
• #548 - Add remember last username authN option
• #547 - Display Client Logo on consent page
• #544 - Default claims mapper needs to filter out external protocol claims
• #543 - Fix wrong check when adding hash fragment contributed by Koby (kobynet)
• #542 - OpenIdConnectProtocolInvalidNonceException: IDX10311
• #535 - Dynamic RedirectUris validation
• #534 - Including ip address and user agent for cookie auth
• #522 - Add id to issued access tokens
• #514 - Return errors as form post when response_mode is set to form_post
• #512 - Add a signout API to IUserService
• #511 - Default IssuerUri to current pathbase when empty
• #508 - End Session endpoint
• #507 - Show request ID on error page
• #477 - Fix layout on login page
• #474 - Use Case for Multiple Applications
• #471 - Integrating IdentityServer.v3 database with an existing database
• #455 - Press browser back button after successful authentication.(continued)
• #391 - Consider ACR to prevent remember me
• #379 - How to create an address claim?
• #355 - Expose a hook for exception handling

Commits: 059fdc1969...5a6dd546ad

beta4 (14 December 2014)

• #630 - Resource owner flow - why is a client secret mandatory?
• #629 - Remove OWIN environment from service signatures contributed by Dominick Baier (leastprivilege)
• #628 - Removed OWIN environment from service signatures contributed by Dominick Baier (leastprivilege)
• #627 - Question about UserInfo requests
• #625 - Custom user validation
• #624 - Updating to latest LibLog contributed by Aaron Powell (aaronpowell)
• #621 - IncludeAllClaimsForUser not working
• #620 - convert use of URI to string in models contributed by Dominick Baier (leastprivilege)
• #619 - Question: Access Client info in IUserService.GetProfileDataAsync
• #618 - Server.v3 and ADFS
• #617 - Redirecting to Root
• #616 - Where is UseIdentityServerJwt extention?!
• #615 - Not clear why Chrome requests a client certificate when hosted with SSL
• #613 - Missing Refresh Token in JWT for Resource Owner Flow
• #612 - (delete issue)
• #611 - IOwinContext not resolved by Autofac +enhancement
• #610 - Endpoint revoke token contributed by Raul Molina (RaulMo7)
• #609 - Ability to add global filters into Identity Server HttpConfiguration
• #608 - Refreshing Claims in an Relying Party
• #607 - Is it possible to add claim as array such as scopes ?
• #604 - Federated IdentityProvider with Passive Login
• #603 - External Identity Provider Doco
• #602 - "id_token token" vs "id_token"
• #600 - Getting started walkthourgh issue
• #599 - System.ArgumentNullException: Value cannot be null. Parameter name: certificate
• #598 - Multi tenanancy, user creation and such
• #596 - Question: Custom Views without Angular
• #595 - Changes persisted items to use DateTimeOffset contributed by James Geall (jageall) +enhancement
• #594 - No IUserTokenProvider is registered.
• #593 - "Username is required" error during AuthenticateExternalAsync with MembershipReboot
• #591 - Resource Owner Flow with Refresh Token sample returns unauthorized after 60 seconds if token not first refreshed
• #589 - I want to decrypt password which is store in sql database in When we create user from identity manager
• #587 - I want to add l forgot password buttin in login page .
• #586 - Add event ids on log messages
• #585 - Using in Desktop application logon logoff
• #582 - Documentation for new view manager/assets
• #570 - Exponent and Modulus members are no included in the jwks document when the key type is RSA +enhancement
• #560 - User impersonation
• #553 - Hosting IdentityServer v3 on IIS on server 1 and call it from an MVC and WCF in another server
• #533 - Not getting trace messages from TokenValidator +enhancement
• #532 - EndSessionRequestValidator rejects the IdTokenHint when it's lifetime exceeded
• #521 - id_token has a nonce when requested in code flow (op-idt-nonce-code)
• #503 - Accept token in post body in UserInfo endpoint
• #498 - Expose Autofac ContainerBuilder for advanced registrations +enhancement
• #496 - Login customization
• #490 - Hack: Automatic login after registration
• #481 - Update to new LibLog
• #462 - Question: extend Logout action in AuthenticationController
• #459 - Look at all uses of IsActive
• #443 - Getting Started: Comment and question

Commits: 629dad7e15...baadc3ea49

beta3-4 (23 November 2014)

• #583 - Configure SingleSignOn using Thinktecture.IdentityServer.v3 with IdentityManager using MembershipReboot.
• #580 - #570 - Added Exponent and Modulus members to JWKS Discovery Document contributed by Scott Lance (ScottDLance) +enhancement
• #579 - Adding Exponent and Modulus members to the JWKS Document contributed by Scott Lance (ScottDLance)
• #577 - Friends don't let friends use MSTest contributed by Damian Hickey (damianh)
• #576 - CryptographicException occured when running IdSrv3 in AspNet
• #575 - Question: Signing and difference in accesstokens and identitytokens
• #572 - Guid as "Subject" Causes IdentityServer not to redirect back to client
• #569 - Authorization Code Flow and nonce in token request
• #565 - CreateAccessTokenAsync not virtual since change on October 5th.
• #561 - Ws federation authentication login error
• #559 - Issue with CustomUserService
• #558 - Providing tenant details to custom views.
• #557 - Getting started sample on Azure Website: querySelector error (js not loaded?)
• #556 - There was an unexpected error
• #554 - Extend resource scope with claims, but not returned in access token?
• #551 - Beta 3 - Membership Reboot Not working
• #550 - Entering User Credentials From Home Page
• #546 - WsFederation error 400
• #545 - Authorizing web api
• #540 - Tenant with ResourceOwner flow
• #538 - Remove id token hint life time validation on end session contributed by Rony Klachko (rklachko)
• #537 - Remove id token hint life time validation on end session contributed by Rony Klachko (rklachko)
• #531 - Registration Hook for External Providers
• #530 - MembershipReboot Urls - Should they point to identity server pages?
• #529 - Getting started: Project Architecture and Authentication Choices
• #528 - NHibernate Library for IdentityServer
• #527 - Azure AD provider redirect url
• #526 - i want to add forget password link
• #520 - Help with how to implement IdentityServer with WebApi and Javascript based client
• #519 - Super fast build speed of IdSrv.v3 in VS2013
• #518 - [wiki] passing Scopes.Get() for InMemoryFactory.Create scopes parameter
• #517 - I want to add link in login page for forgot password
• #516 - [wiki] Scope.StandardScopes > StandardScopes.All
• #515 - I want to add link in login page for forgot password
• #509 - RedirectUri configured in RedirectToIdentityProvider doesn't return correctly in AuthorizationCodeReceived
• #506 - Any better way for webforms than form-post from old sample
• #505 - Difference between user service and view service
• #502 - Validate Client Credentials with Active Directory
• #500 - Revisit CorellationManager
• #499 - IScopeStore
• #488 - Handle case of stale xsrf cookie contributed by Shannon Kasper (ShannonKasperNoesis)
• #475 - Not Support Angularjs 1.3
• #437 - Re-work logging/tracing/auditing/eventing
• #110 - Create admin UI for core configuration

Commits: 84eb9c919a...186117a7cc

beta3-2 (08 November 2014)

• #504 - In the MVC CodeFlowClient Manual where is it storing the Token Information
• #497 - Understanding the correct method for implementing simple SSO
• #495 - Protected properties for DefaultClaimsProvider contributed by Giorgio Lasala (salem84) +enhancement
• #493 - Token.SubjectId property exception with reference tokens for client credentials
• #492 - Cannot construct a X509SigningCredentials instance for a certificate without the private key
• #491 - Extending IViewService?
• #489 - Using a "hidden" secondary authentication with IdentityServer.v3?
• #487 - Is it possible to use tokens for API and cookies for MVC in the same app?
• #478 - External identity's not logging in

Commits: daa0137e77...f95470c3d6

beta3-1 (30 October 2014)

• #485 - WebAPI how to send unauthenticated users to IdentityServer?
• #484 - login_hint tenant
• #479 - Update walkthrough to Beta 3
• #470 - Sign out from app doesn't work properly with WS-Fed
• #466 - Add external IdPs to walkthrough
• #414 - Callback URI for Flows.Code with query parameters fails

Commits: 8781358744...1328dc0efa

beta3 (28 October 2014)

• #486 - Where to put FederationMetadata.xml
• #480 - PFX/Certificate issues when deploying to Windows Server 2012
• #473 - Token expiration
• #472 - Unable to change RP's token type to Jwt
• #469 - Switch to SSL for host and all samples? +enhancement
• #465 - Documentation for external Idps
• #464 - Using Access Tokens in ASP.NET MVC Single Page Application
• #463 - No cookie matching signin id found
• #461 - IDX10614: AsymmetricSecurityKey.GetSignatureFormater exception
• #460 - support 'private' scopes to be kept out of .well-known/openid-configuration +enhancement
• #458 - OAuth redirect uri issue
• #457 - Unable to Logout of sample MVC app when id_token claim is already missing
• #456 - Add filter helpers
• #454 - Create Data extension points
• #451 - Need to validate idp is in client's allowed list for already authenticated users
• #450 - XSRF bug if DataProtector failed to Unprotect the cookie value
• #449 - Problem updating to IdentityServer.v3 Beta 2-1 Nuget
• #448 - Token Default Constructor for easier serialization contributed by Philipp Aumayr (paumayr)
• #447 - Token should provide a default constructor for serialization +enhancement
• #446 - Fixed misspelling in OIDC discovery config JSON contributed by Chris Simmons (NetChris)
• #445 - Prevent incorrect content type for various endpoints
• #444 - Best way to have a long lived client
• #439 - Check IsActive when issuing new tokens
• #436 - DI problem with my own LocalRegistrationController
• #435 - Question: Using IdS v3 as an External Login for IdS
• #434 - Azure mobile services question
• #424 - ErrorPageFilterAttribute does not set ErrorViewModel.ErrorMessage property
• #420 - Logout or token revoke OAuth2 Identity Server
• #418 - Add cookie authentication validator for primary authentication type
• #416 - Consider refactoring IUserService
• #415 - Authorize form post needs to use assets API
• #412 - Self-service page to revoke consent, refresh tokens and reference tokens
• #383 - Consider updating to Autofac.Owin
• #368 - Improve error pages
• #356 - Add support for returning all claims for a subject
• #329 - All display strings should come from the resx
• #322 - Add protection for persisted token handles, authorization code and refresh tokens
• #315 - end_session_endpoint does not support post_logout_redirect_uri. +enhancement
• #306 - Add "FileSystemThenEmbeddedResource" Strategy ViewService
• #273 - Configuration option for prompt on logout
• #235 - Anti-forgery tokens where needed
• #211 - Filter allowed idps on login page
• #168 - Allowed IdPs per Client feature
• #95 - IdSrv cookie paths +enhancement
• #59 - Add support for WS-Federation and OIDC based IdPs

Commits: 454b4f43e7...fa8cd0f631

beta_2-1 (14 October 2014)

• #440 - Is there IRelyingPartyService implementation for EntityFramework?
• #433 - Question on "RedirectUris"
• #432 - Add kid in JWT headers to identify the singing key used
• #431 - Key rotations, kid vs x5t
• #430 - Fix format string for logging authorization code contributed by Philipp Aumayr (paumayr)
• #429 - Fix format string for logging authorization code contributed by Philipp Aumayr (paumayr)
• #428 - System.NullReferenceException in ReadStream of Certificate [Solution]
• #426 - IViewService methods cannot cause redirects
• #425 - Suggestion: It would be nice for ErrorViewModel to have an Exception property
• #423 - Press browser back button after successful authentication.
• #422 - Bypass Logout confirm page and logout user
• #417 - Link external login to existing account
• #408 - Add support for symmetric signing keys in identity token validator
• #407 - Roles, permissions and scope - clarification
• #406 - PasswordResetFrequency with implicitclient
• #405 - Tests for DefaultRefreshTokenService
• #404 - Tests for identity token TokenValidator
• #403 - Rename IsActive to IsActiveAsync in IUserService
• #400 - Add sample that show how to customize login page based on client
• #396 - Is it possible for IViewService to set output caching headers?
• #394 - IdentityServer and ADFS on the same server
• #390 - External IdPs call AuthenticationController.LoginExternalCallback (core/callback) directly
• #388 - Tests for access token TokenValidator
• #386 - Using roles in claims identity
• #384 - Add Tests for disabled scopes
• #373 - Localization
• #365 - Redirect when login flow canceled or after logout
• #360 - Change UserInfo error handling to conform to RFC6750
• #353 - Rename ApplicationScopes to ResourceScopes in ConsentViewModel
• #347 - Add SignInMessage as param to user service APIs
• #346 - Partial login security enhancement
• #345 - Change GetBaseUrl behavior
• #344 - Remember Me feature
• #328 - Authenticating using other credentials +enhancement
• #307 - Make it possible to handle expired SignInMessage
• #305 - Make SignInMessage lifetime configurable
• #304 - Support for Hybrid Flow
• #262 - Allow adding to the CSP list
• #258 - Cookies must use the same data protector as idsrv itself
• #257 - Add 'Enabled' to Scope
• #256 - Two parallel auth request breaks signin messages
• #251 - Should we have a disable local login flag
• #250 - Allow ~ for prefix to authentication result redirects
• #236 - Separate store from logic in IConsentService
• #217 - Should AuthenticateExternalAsync pass current subject
• #146 - Add IsUserActive/IsClientActive logic to default custom token validator
• #131 - Logout from Upstream IdP +enhancement
• #24 - Identity Token Validation Endpoint

Commits: 6fcdabbefe...78657c86e1

beta2 (07 October 2014)

• #419 - Validate Access Token
• #413 - Add TraceSource log provider
• #411 - Can someone give me or point me to an example of how to setup tracing?
• #410 - IdentityServer and IdentityManager nuget packages both supply Thinktecture.IdentityModel.Constants.TokenTypes
• #409 - Url is too long
• #402 - UserInfo Endpoint Helper Client +enhancement
• #401 - Authorize attribute on WebApi Controller returns 401 Unauthorized
• #399 - Extend SignInMessage with External IdP to be used
• #398 - Signin Message Expiration (question)
• #397 - Serializing the Client and Scopes
• #395 - Configuring Membership Reboot for password reset, etc
• #393 - Redirect URI for Google authentication
• #389 - Getting Custom Claims?
• #385 - User registration
• #382 - Is there currently any UI for managing/registering clients and/or scopes?
• #377 - Resource filtering based upon claims
• #376 - Token endpoint: Check the supplied ClaimsPrincipal first for requested claims before using profile service
• #370 - Pass signInMessage parameters to the view service
• #369 - Use the same token for MVC application and WebAPI as a resource server for MVC via ajax
• #335 - Update readme/docs to point to wiki and nuget packages
• #326 - Why /login require a message ?
• #276 - Host application on IIS (website)
• #210 - Pass client_id from protocol endpoint to login page
• #166 - Create separate repo and nuget for access token validation middleware
• #121 - Implement "redirect after signout"

Commits: b5b5d32f87...1b33386e6b

beta1-2 (25 September 2014)

• #348 - Add support for acr on authorize endpoint
• #343 - Come up with strategy for nightly/dev builds
• #274 - Custom grant type in token endpoint
• #185 - Turn custom assertion extensibility point into more general custom grant type extensibility point

Commits: fed70c505e...294320954b

Beta_1-2 (25 September 2014)

• #381 - Authenticate with Ajax call
• #380 - Question about web assets
• #378 - Implicit Flow Access Token Question
• #372 - Custom view service - Use default view
• #371 - Gracefully handle denial of social provider permissions +enhancement
• #367 - Removed VS2013 as minimum required version from Host project contributed by Stephane Lapointe (slapointe)
• #366 - Dynamic Client Registration support
• #364 - User migration question
• #363 - Add support for adding more claims to authentication cookie
• #362 - Cors on accessTokenValidation endpoint
• #361 - Custom claims seems to be not supported in access tokens
• #359 - Added support for custom grant types (replaces/extends support for more ... contributed by Dominick Baier (leastprivilege)
• #358 - How to refresh tokens gracefully
• #357 - Using IdSrv v3 for SignalR
• #354 - Why do you ILMerge webapi, autofac, etc?
• #352 - Document Nightly Builds / Myget
• #351 - Invalid CacheControl running /core/login?message=
• #350 - Add RAMMFAR docs
• #349 - Can v3 support logging in using ADFS password?
• #341 - Do not force https when PublicHostName is not specified
• #340 - Integrating Idsrv3
• #339 - Implicit & Authorization Code usage question(s)
• #338 - AuthorizationServer part of IdentityServer?
• #337 - Login via mobile client (like Facebook Connect)
• #336 - How can resume from a partial login ensure it goes through custom workflow
• #334 - Name claim is missing when UserInfo endpoint is hit
• #333 - Bug: The server returns a claim value of an array with single item.
• #332 - ClaimsPrincipal not populated
• #331 - Visual Studio 2012
• #330 - Claims update contributed by Dominick Baier (leastprivilege)
• #327 - Redirecting from error to login page.
• #325 - OpenID Connect - Force user to sign in every time
• #323 - Add ability to create custom Content-Security-Policy header value
• #321 - Add the ability to provide a function to validate a redirect URI
• #320 - Google external provider not working
• #319 - TokenValidator needs to check ValidateXXXAsyncAccessTokenAsync result before custom validations
• #318 - Not checking Expiry of JWT in TokenValidator
• #317 - Added post_logout_redirect_uri support to the end_session_endpoint. contributed by Andrew Collard (acollard)
• #316 - No embedded content within the Thinktecture.IdentityServer.v3 NuGet package assembly
• #314 - Make Claims for access_token configurable (per scope)
• #313 - Redirecting to login from javascript
• #312 - Hosting in IIS
• #311 - CustomViewService recommended way to add a View/Action
• #310 - fixes IdentityServer#271 contributed by Christian Endter (cendter)
• #303 - Implicit client flow is not redirecting to return url.
• #302 - Added IdentityServerOptions.GetPublicHostName contributed by (roblysam)
• #301 - Update to Katana v3
• #300 - HTTP Error 403.14 - Forbidden
• #299 - Login form error
• #298 - Secure way to MVC login(DMZ web server) -- to (DMZ 2 server) -- to IDSRV3(internal network)
• #297 - @brockallen Hi, sorry to come back, Related to this issue #294. Loop on requests. I just reproduced with your examples. I will send the step in short time.
• #296 - If I set IsPersistent=false in cookieoptions I cannot login anymore. With IsPersistent=true it works.
• #295 - ResourceOwner Flow using a client certificate
• #294 - Loop on requests
• #293 - What is a "Relying Party"?
• #292 - auth playground +enhancement
• #291 - Endpoints
• #290 - What is this?
• #289 - Is there any documents for installation?
• #288 - How to embed login page inside existing website?
• #287 - Provide constants for standard OIDC scopes
• #286 - Feature: Dynamic Registration
• #285 - Suggestion - Content Security Policy
• #284 - Question about the Certificate and Public Key Storage
• #283 - Single Sign On, not remembering logged in user
• #282 - GetProfileDataAsync hanging
• #281 - Option for user to choose whether they get a persistent cookie (remember me)
• #280 - Identity provider names
• #279 - Audience ~ Issuer in Access Token?
• #278 - Hybrid Flow Support?
• #277 - MVC CodeFlow Client Sample - Local Login Credentials
• #275 - Claims outside standard OpenId Set, Unauthorized vs Unathenticated Questions
• #272 - ConfigureAdditionalIdentityProviders for ADFS
• #271 - TokenUsage.OneTimeOnly vs. TokenUsage.ReUse logic may be swapped
• #270 - Registering Users
• #269 - trying to run sample, but ran into an error
• #268 - Set appropriate data types on non-string claims
• #267 - don't hard code x64 arch contributed by Andrew Gilbert (agilbert201)
• #266 - Protocol violoation: iat, auth_time and updated_at are strings not numbers +enhancement
• #265 - "authorization code flow"
• #264 - Question: Customizing Controllers
• #263 - userinfo endpoint: missing support for duplicate claim types
• #255 - Create Beta1 Documentation (Dominick)
• #254 - Create Beta1 Documentation (Brock)
• #239 - Improve EF Json serilization/deserialization
• #183 - Question: Should display name be passed back as a claim? +enhancement
• #148 - Add a "Always enforce SSL on redirect URI" mechanism
• #39 - MultiTenancy +enhancement

Commits: 95d59411d0...4d4c5850ba

beta1 (31 July 2014)

• #260 - How to? Resource owner flow with Web API.
• #253 - fixes IdentityServer#252 contributed by Christian Endter (cendter)
• #252 - Exception in MVC OWIN Client Sample
• #248 - Unexpected "Internal Server Error" with expired RefreshToken
• #247 - Final product shape
• #246 - logged-in user in web api
• #245 - Redirect Uris, relax requirement such paths below uri also work?
• #244 - Add IdMgr to userService samples
• #243 - implement the CookieOptions.IsPersistent
• #242 - Only do x-frame-options if consent screen is shown on authorize endpoint
• #241 - Missing Support for RefreshTokenUsage + RefreshTokenExpiration in EF
• #240 - What is the best way to migrate from V2 to V3?
• #238 - IdServ for Java projects
• #237 - Active Directory User Service Plugin
• #234 - Remove ws-fed from core
• #232 - Membershipreboot activation error
• #231 - Question token via http get
• #230 - Added "refresh_token" to AuthorizeResponse contributed by (markalansee)
• #229 - [Question] What is the significance of posting an AF token when clicking Login?
• #228 - "MVC OWIN WS Federation" Sample is not working
• #227 - Lockdown CORS
• #226 - Logout page on authN controller
• #225 - Adding Roles By Code
• #224 - Passing through "RedirectUri" to "signInMessage"
• #223 - Invalid metadata
• #222 - Add error page for authorize endpoint errors
• #221 - Support for asynchronous programming throughout Identity Server
• #220 - Active Directory support
• #219 - Validating and using JWT tokens in Web API 2
• #218 - Add Properties Dictionary to CoreSettings (for easy extensibility)
• #216 - Recommended deployment option
• #215 - Add XML documentation to source files +enhancement
• #214 - Having trouble to web deploy the IDP.v3 Host project
• #213 - Error message when trying to use the MembershipReboot UserService factory
• #212 - Recommending a minor fix on the samples Program.cs
• #209 - Question: How to retrieve AspNetIdentity Claims
• #208 - JavaScript Implicit Client sample - Login With Profile and Access Token - Doesn't show ID token
• #207 - Refresh tokens - for review contributed by Dominick Baier (leastprivilege)
• #206 - Adjsut User Service registration in Host Configuration in Startup_LocalTest to DI registration approach
• #205 - Unit tests for refresh tokens
• #204 - Unit tests for consent logic
• #203 - Unit tests/refactor for authenticaiton controller
• #202 - no token on form (for token response type)
• #201 - Error when using MR user service and submitting bad credentials contributed by Rony Klachko (rklachko)
• #200 - Fixed error when using MR and submitting bad credentials contributed by Rony Klachko (rklachko)
• #199 - Unexpected error when using MembershipReboot.UserService and submitting bad credentials
• #198 - Support for certain IdP during authentication request contributed by Rony Klachko (rklachko) +enhancement
• #197 - Question: Interfacing with the AutoFac IOC container +enhancement
• #196 - Notification extensions contributed by Poul Kjeldager Sørensen (s093294)
• #195 - TempCookie NOT created
• #194 - Storing the client public keys
• #193 - Questing. Back to basic. Lifetime and Https considerations
• #192 - Not recognizing MembershipReboot.UserServiceFactory for startup usage
• #191 - Relationship between scope and user rol
• #190 - My Own Identity Provider For Relying Parties in my Institue
• #189 - Signing with secret key throws exception
• #188 - Question: Friction free signing of tokens
• #187 - Switch the LogLvl into suitable Diagnostic.Trace contributed by Poul Kjeldager Sørensen (s093294)
• #186 - Authorize a concrete scope
• #184 - Question: Social network scenario
• #182 - [Todo] Update Trace Diagnostic logger with switch for lvls +enhancement
• #181 - What do spec say about persisting the consent given to a client by the user +enhancement
• #180 - Updated Build Action on items from content to None contributed by Poul Kjeldager Sørensen (s093294)
• #179 - Who over engineered the build / packaging stuff ;)
• #178 - [Suggestion] HtmlResult/AssetManager.GetLayoutHtml+ abstraction +enhancement
• #177 - Owin AuthenticateAsync method always returns null, no request to identity server
• #176 - Do you support the prompt parameter in the authorization requests?
• #175 - New logout architecture
• #174 - Rework Plugin Architecture and WS-Federation Plugin contributed by Dominick Baier (leastprivilege)
• #173 - [Offtopic, Question] Azure Api Management and Identity Server
• #172 - Feature: Customize web views
• #171 - Question: How can I setup and acquire the user scopes from the access token?
• #170 - Is it possible to use IDS.v3 with a client custom login page with links to external providers?
• #169 - Allow to request certain IdP or authentication method during authentication request
• #167 - I'm not able to run any test client
• #165 - Add timestamps to Trace logger
• #164 - Allow providing custom assets (for re-branding the UI)
• #163 - Question: When to use IndentityManager v.s. IdentityServer 3
• #162 - Question: Support for JWT/SAML2 Bearer Flows?
• #161 - Issue when trying to use the Minimal Startup class contributed by Greg Pakes (gregpakes)
• #159 - Feature: track user/client logins
• #158 - Fix new logging approach to work in release mode. contributed by Ciaran Jessup (ciaranj) +enhancement
• #157 - bug?
• #156 - Issue with embedded scenario very slow
• #155 - Multiple instances of client
• #154 - Tabs -> Spaces in logging files to be consistent with code base. contributed by Damian Hickey (damianh)
• #153 - Make all Logger's private static members contributed by Damian Hickey (damianh)
• #152 - Fixed null reference exception getting the logger contributed by Greg Pakes (gregpakes)
• #151 - Prevent inlining when getting current class logger contributed by Damian Hickey (damianh)
• #150 - [question] Is v3 ready for us to try in prod?
• #149 - Question: use access token for Ajax requests in OWIN sample
• #147 - using "roles" with claims based identity
• #145 - In the LocalTestFactory there is a givenname claim defined but i cant find in the incoming principle
• #144 - Remove Web API CORS attribute and add CORS middleware to host
• #143 - SAML2P support
• #142 - Make WsFedPluginOptions available to endpoints
• #141 - Add endpoint enabled checks
• #140 - Add logging to OIDC action results
• #139 - Rework logging for authentication subsystem
• #138 - Rework logging for OIDC endpoints
• #137 - New logging framework contributed by Dominick Baier (leastprivilege)
• #136 - Turn WsFed CookieService into general TrackingCookieService
• #135 - Allow access to UserService from Custom Grant validator
• #134 - Idvrv3 responsibilities
• #133 - Add proper security headers
• #132 - Implement prompt=none
• #130 - Handling of the application related privileges in which component
• #129 - Timeline for production use?
• #128 - owin problems
• #127 - [Question] Best Practice: Code flow or Implicit flow.
• #126 - Fixes #125 - Avoid double-prompting on initial login contributed by Ciaran Jessup (ciaranj)
• #125 - prompt=login support appears broken :/
• #124 - Add a config setting for controlling CORS policy on endpoints
• #123 - ClaimsTransformation and IdentityServer
• #122 - Add tracing to WS-Federation endpoint
• #120 - Setting RequireConsent to false doesn't seem to do anything
• #119 - Add whr support for WS-Fed contributed by Dominick Baier (leastprivilege)
• #118 - Add HRD support to SignInMessage
• #117 - Add whr support to WS-Fed endpoint
• #116 - Unable to find version '1.0.0-alpha-20140528' of package 'Thinktecture.IdentityServer.v3'
• #115 - Patch 1 contributed by (Dulf)
• #114 - How to logoff in the MVC Owin sample
• #113 - Migration Story - IdSrv.v2 / AuthSrv.v1 to IdSrv.v3
• #112 - Allow specification of Schema for the MembershipRebootUserService
• #111 - Fill up PartialSignInRedirectPath
• #109 - Create EF-based persistence layer for core configuration
• #108 - Create separate repo and nuget for EF repositories
• #107 - Create separate repo and nuget for WS-Federation plugin
• #106 - Create separate repos and nugets for user services
• #105 - Add custom validation logic extensibility to access token validation endpoint
• #104 - Add support for encrypted tokens for WS-Fed endpoint
• #103 - Update factory Validate method
• #102 - Default to Trace logger
• #101 - email doesn't come back in token
• #100 - Config reorg contributed by Dominick Baier (leastprivilege)
• #99 - Certificates and Token Validation
• #98 - Authorize each scope
• #97 - Custom ASP.Net Identity
• #96 - How do I add custom claims to the token (resource owner credentials)?
• #94 - Added json response mode for implicit flow contributed by (DennisFrostlander)
• #93 - add coordination between core and pluings to register signout urls contributed by Brock Allen (brockallen) +enhancement
• #92 - Flow and access token verification in a disparate environment
• #91 - Split up Nugets for Core and User Services
• #84 - Switch to Damian's Logging "Framework" ?
• #83 - System.IdentityModel.Tokens.Jwt 4.0.0 breaking changes
• #81 - Make the Embedded FileSystem Optional
• #79 - Have one flow per client + client credentials flow
• #77 - Add json name overrides to allow using standard C# property names contributed by (BrettStyles) +enhancement
• #76 - Client Credentials Grant Flow + claims, oh my!
• #67 - When to use a scope, and when to use a claim
• #66 - Question: WAAD integration
• #62 - Add sample API to Clients sample to show access token consumption
• #51 - Feature: Rebranding the UI +enhancement
• #50 - Thinktecture.IdentityModel.Oidc project +enhancement
• #49 - Persistence Data stores +enhancement
• #46 - Expose "IsUserActive" functionality from IUserService
• #28 - Allow simple customization for identity libraries
• #25 - Identity DB samples
• #23 - Access Token Validation Endpoint
• #15 - Improve interaction between protocol endpoint and authentication subsystem
• #13 - Identity token validation in JS sample
• #11 - Implement support for refresh tokens

Commits: 3a57dd03d1...2e067896af

WsFed_POC (14 May 2014)

• #90 - The UserService implementations were not being included in nuget contributed by Ciaran Jessup (ciaranj)
• #89 - Using Idsrv 3 for in company applications/clients that do not require consent screens.
• #88 - Add WS-Federation endpoint
• #86 - Calling OAuth endpoint
• #85 - Crossover of concerns - WebApi in core delivering HTML content
• #82 - Api Scope Partioning with Scope and Scope Claims
• #80 - Clients : Implicit Javascript Client
• #78 - how it works the PartialSignInRedirectPath?
• #75 - Why does IdentityServerServiceFactory use static stores
• #74 - IdentityManager Preview
• #73 - Extend Acces_Token
• #72 - How to validate the access tokens in WebAPI

Commits: 46ed2c185c...c2b054ac8e

SelfContained_Nuget (05 May 2014)

• #70 - Removed unused string format placeholder. contributed by Chris Simmons (NetChris)
• #69 - Ability to build pre-release package from command line contributed by Damian Hickey (damianh)
• #68 - OpenIdConnectModule - Only applies claims from the identity token, ignores the access token
• #65 - Single sign on
• #64 - Build script contributed by Damian Hickey (damianh) +enhancement
• #63 - Sample API for clients sample contributed by Dominick Baier (leastprivilege)
• #61 - oauth2 authentication
• #60 - Add build script and nuspec +enhancement
• #58 - WS-Star support ;) +enhancement
• #54 - MVC OWIN client + access token

Commits: beae05ef71...cc454f9090

HostingEnhancements (22 April 2014)

• #57 - no external identity -- exiting to login page
• #56 - Allow response type of "id_token token" for form_post response mode contributed by Dominick Baier (leastprivilege)
• #55 - Allow id_token token for form_post response mode
• #53 - How v3 compare to v2
• #52 - Default Constructor on Token contributed by Poul Kjeldager Sørensen (s093294)
• #48 - Question: When Idsrv 3 is done, is Authorization Server still needed?
• #47 - HomeRealms - Per client restrictions?
• #45 - Password required to import certificate idsrv3test.pfx into Local Windows Store (Local Computer\Personal)
• #44 - OAuth client credentials signing/encryption
• #43 - Poor Man's Delegation Actas with OpenIdConnectionAuthenticationModule and idSrv3
• #42 - WebAPI for create user, login.
• #41 - Associate external logins to local login
• #40 - Test Preview 1 on Azure WebSites
• #38 - Modify #Debug contributed by Damiano (dandresini) +enhancement
• #37 - Xamarin
• #36 - Embedded pfx in TestServices contributed by Dominick Baier (leastprivilege) +enhancement
• #35 - How to create an account and login from iOS application?
• #34 - What is differences between Thinktecture.IdentityServer.v3 and Thinktecture.IdentityServer.v2
• #33 - An exception of type 'System.InvalidOperationException' occurred in System.Core.dll but was not handled in user code
• #32 - Make public test installation available
• #31 - Implement refresh tokens
• #29 - Validate tokens in JavaScript Implicit Sample

Commits: 0733901aec...96abc3f7de

Preview1 (09 April 2014)

• #27 - Consent screen: Make enter key trigger "allow" +enhancement
• #26 - Move IdMgr out
• #22 - OWIN/Katana Sample
• #21 - Async contributed by Dominick Baier (leastprivilege)
• #20 - Think about lifetime mgmt of objects created via IdentityServerServiceFactory
• #19 - Changes to consent screen
• #17 - Login Page: Make it work on all current browsers / devices
• #16 - Login Page does not work in WPF Browser Control
• #14 - Sample Native Client
• #12 - Consent screen
• #10 - Implement support for assertion flow
• #9 - Implement support for client credentials flow
• #8 - Implement support for resource owner credential flow
• #7 - Support both reference and self contained access tokens
• #6 - Login Page: Support for external identity providers
• #5 - Login Page: Automatic redirect back to protocol endpoint
• #4 - Define core interface for user management
• #3 - Persist authorize request parameters using cookie
• #2 - Implement scope model to support identity and resource scopes
• #1 - Implement protocol between endpoints and login page using JWTs

Commits: 6f2bcd858f...70a04ff60a