github openiddict/openiddict-core 7.4.0
on GitHub

7 hours ago

This release introduces the following changes:

  • The new mTLS-based OAuth 2.0 client authentication feature introduced in the previous version can now be used with the standard client credentials grant.

  • The mTLS token binding implementation was updated to support anonymous clients (in this case, the base SelfSignedTlsClientAuthenticationPolicy instance attached to the server options is directly used and the IOpenIddictApplicationManager.GetSelfSignedTlsClientAuthenticationPolicyAsync()/IOpenIddictApplicationManager.ValidateSelfSignedTlsClientCertificateAsync() APIs are not used).

  • The OpenIddict.Client.SystemIntegration package now restores the ambient request for marshalled authentication demands so that the OpenIddictRequest instance can be accessed from a custom event handler during a call to the AuthenticateInteractivelyAsync() method.

  • A new DisableIssuerParameterValidation flag was introduced to allow disabling the built-in logic used to validate the iss authorization response parameter. Due to #2428, this flag is set to true for the Google provider for now.

Check out latest releases or
releases around openiddict/openiddict-core 7.4.0

Don't miss a new openiddict-core release

NewReleases is sending notifications on new releases.

Get notifications