This is a preview release which contains enhancements, a breaking change, and support for .NET 10 RC2.
Breaking Changes
- Enable nullable reference types by @damianh in #254
- Move to HybridCache in OAuth2Introspection by @bhazen in #274
- Updated Identity Model to use 8.0.0 - Preview 1 in #284
Move to HybridCache in OAuth2Introspection
The use of IDistributedCache in this library has been replaced with the use of HybridCache. Part of this change was the removal of the EnableCaching option. Users who wish to not have introspection results cached should set the new SetCacheEntryFlags options to the value HybridCacheEntryFlags.DisableLocalCacheWrite | HybridCacheEntryFlags.DisableDistributedCacheWrite.
The primary motivation for this change was to disable an additional breaking change in the future. HybridCache does not currently support a mechanism for controlling the cache expiration in a factory method to fetch/create the cached data. This is problematic with introspection as RFC 7662 states: If the response contains the "exp" parameter (expiration), the response MUST NOT be cached beyond the time indicated therein. The requirement of the RFC prevents this library from benefitting from features of HybridCache such as stampede protection as the result of introspection needs to be known prior to interacting with the cache. This will be revisited in the future if and when HybridCache's API surface is updated to allow controlling a cache entry's cache duration inside a factory method.
Enhancements
- .NET 10 RC1 support by @damianh in #211
- Remove SimpleJson by @damianh in #253
- Add API Verification tests by @damianh in #259
- .NET 10 RC2 by @damianh in #277
Contributors
Thanks to the Duende.AspNetCore.Authentication.OAuth2Introspection community for your involvement with issues and pull requests!