This release introduces the following changes:
-
TokenValidationParameters.ClockSkewis now supported by OpenIddict, that will honor it when validating the expiration date of a token. -
A bug preventing the
OpenIddictClientService.ChallengeUsingDeviceAsync()andOpenIddictClientService.AuthenticateWithDeviceAsync()APIs from flowing the additional device authorization request/token request parameters set by the application was identified and fixed (thanks @hangy for reporting it! ❤️) -
A bug preventing signing/encryption certificates from being correctly sorted was identified and fixed (thanks Stefan Chiriac for reporting the issue and suggesting the fix!)
Note: 5.0.0-rc1 is the last preview before RTM ships next week. As such, OpenIddict users are invited to start testing 5.0.0-rc1 and share their feedback to ensure no regression affects their applications.