github IdentityServer/IdentityServer4 4.0.0
4.0

latest releases: 4.1.2, 4.1.1, 4.1.0...
4 years ago

As part of this release we had 58 issues closed.
Next big release - after ASP.NET Core 3.1

bugs

  • #4498 fix infinite loop in Token Cleanup after concurrency exception
  • #4496 AuthorizeInteractionResponseGenerator : MaxAge does not respect prompt=none
  • #4368 How to add a custom implementation (e.g. WsFederation) of IReturnUrlParser if everything is internal set in AuthorizationRequest class in next v4.x ?
  • #4295 DefaultClientConfigurationValidator bug
  • #4290 Fix cnf format for MTLS
  • #4268 AddOidcStateDataFormatterCache broken with new JSON serializer
  • #4173 Duplicate UserLoginSuccess/Failure events when using resource owner grant and IdentityServer4.AspNetIdentity
  • #4145 Error Response with invalid redirection URI on authorize endpoint
  • #4129 Fix logger category name for BackChannelLogoutHttpClient
  • #4095 Return invalid_grant when redirect_uri is invalid on token endpoint
  • #4075 Error Response with invalid redirection URI
  • #4037 Bug Fix #4036 - missing crv value when passing JsonWebKey to AddSigni…

enhancements

  • #4504 Update error handling for invalid response modes
  • #4502 Update form content check to reject multipart forms
  • #4501 Update authorization code validation to do client binding check before deleting the code in the store
  • #4499 Allow setting domain on SessionIdCookie #4406
  • #4444 Make sensitive data filters configurable
  • #4439 namespace cleanup/refactor in host (to support templates)
  • #4428 add consumedtime to persisted grant and refresh token
  • #4427 Features/bootstrap update
  • #4409 Add strict JAR mode
  • #4390 enhancements to add logout notification service as first class service
  • #4376 Features/grants enhancements
  • #4361 Extend JWT token validation to accept space separated scopes
  • #4360 Adapt JWT request validation to latest JAR spec
  • #4357 Add iat to access tokens
  • #4352 Emit jti by default
  • #4343 Add option to set SameSite mode for internal cookies
  • #4342 Add option to emit scopes as space separated string in JWT (as opposed to array)
  • #4245 Strict redirect uri validator app auth with path
  • #4237 Make aspid profile service more extensible
  • #4235 end session changes: IsActive no longer called and no longer default to a single redirect uri
  • #4234 Use non-case sensitive string for any ids
  • #4227 switch to named HTTP clients from factory (instead of typed)
  • #4226 Reduce usage of Newtonsoft.Json
  • #4210 add sid and device description to grants table
  • #4208 add support for handling multiple prompt values
  • #4204 Add API to interaction service to return error to client
  • #4203 Improve query on cors origins. #3395
  • #4202 include sid (if present) in access tokens #3955
  • #4153 private_key_jwt updates
  • #4026 Added AddUserSession extension method
  • #4024 Add JAR support
  • #4019 Add client setting to require request object
  • #3979 Added notification for device code removal
  • #3969 Make cnf part of Token model
  • #3962 MTLS Update
  • #3892 V4: Multiple signing keys
  • #3761 Add a client setting to require request objects
  • #3732 Remove unused SaveChanges APIs in EF DbContext Interfaces
  • #3692 Removed obsolete code
  • #3413 IUserSession.CreateSessionIdAsync should return sid
  • #3395 Improve query on cors origins.

breaking changes

  • #4335 Remove public origin setting
  • #4199 scope validation refactor
  • #3939 Update PKCE and Consent default settings on Client
  • #3888 Cleanup SignInAsync extension methods
  • #3887 V4: Make client claims serialization friendly

Don't miss a new IdentityServer4 release

NewReleases is sending notifications on new releases.