Skip to content
This repository has been archived by the owner on Jul 31, 2024. It is now read-only.

Releases: IdentityServer/IdentityServer4

RC5

08 Dec 13:34
@leastprivilege leastprivilege
1.0.0-rc5
7be6b60
Compare
Choose a tag to compare
RC5 Pre-release
Pre-release

As part of this release we had 6 issues closed.

bug

  • #527 Too many scopes from API resource included when querying resource store

enhancements

  • #549 Update Travis to .NET 1.1
  • #547 Support prompt=select_account
  • #534 Expose redirect_uri in authorization context
  • #522 Propagate API names as audiences to the access token
  • #415 Issue a notice when IdSrv uses a expired certificate for token signing
Assets 2
Loading

RC4-Update1

02 Dec 16:36
@leastprivilege leastprivilege
1.0.0-rc4-update1
4b9c7e9
Compare
Choose a tag to compare
RC4-Update1 Pre-release
Pre-release

As part of this release we had 8 issues closed.

bug

  • #512 Scope display name not getting set

enhancements

  • #526 Don't require credentials for for implicit clients on revocation endpoint
  • #525 Remove user claims and change to string collection on resources
  • #524 Include API resource names in access token audiences
  • #521 Do we need UserClaim.Description?
  • #520 Do we need ApiResource.Description?
  • #499 Consider removing AllowAccessToAllScopes
  • #390 Add CSP to host UI
Assets 2
Loading

RC4

30 Nov 14:46
@leastprivilege leastprivilege
1.0.0-rc4
19f32ee
Compare
Choose a tag to compare
RC4 Pre-release
Pre-release

As part of this release we had 10 issues closed.

bugs

  • #475 CSP security headers does not work in Microsoft Edge Browser
  • #470 CustomTokenRequestValidationContext.Result.IsError = true - Throws excepion

enhancements

  • #509 new resource based configuration changes
  • #503 Remove role scope/claim from all sample code
  • #502 Fixes #487 - Name of the session cookie is derived from EffeciveAuthenticationScheme
  • #496 Consider removing ClaimsRule
  • #495 Consider removing IncludeAllClaimsForUser
  • #482 Updated docs for code that doesn't break the program
  • #429 reworked persisted grant service and split into separate interfaces
Assets 2
Loading

RC3

07 Nov 10:37
@leastprivilege leastprivilege
1.0.0-rc3
0d6610b
Compare
Choose a tag to compare
RC3 Pre-release
Pre-release

As part of this release we had 20 issues closed.

bugs

  • #441 session id being overwritten while user logged in
  • #438 RequireSignOutPrompt on Client is Missing
  • #392 Removing session id cookie when user no longer authenticated is incorrect
  • #384 Rename InMemoryLoginService.cs

enhancements

  • #459 Add client protocol check at token endpoint
  • #440 add signout for external idp in UI
  • #436 Change InMemoryUser to support collection initializers
  • #426 Update docs and samples for new API surface
  • #425 Add extensibility properties to Client class
  • #418 Make GetAuthorizationContextAsync extensible
  • #405 Add Login/Logout related events
  • #404 Remove "AddDeveloperIdentityServer"
  • #389 Add logging to cache
  • #388 Add more context to IsActive
  • #381 Disable plain text PKCE by default
  • #380 Check value type for auth_time
  • #368 The naming of AddInMemoryStores
  • #279 Register AddMemoryCache in our AddInMemoryCaching
  • #242 Add CSP/XFO security headers
  • #166 Enable authorize/token validation pipeline extensibility
Assets 2
Loading

RC2

07 Oct 17:22
@brockallen brockallen
RC2
ffa46fe
Compare
Choose a tag to compare
RC2 Pre-release
Pre-release

As part of this release we had 30 issues closed.

bugs

  • #365 Possible NullRefException in UserInfo
  • #354 Claims valueType serialization : Introspection endpoint
  • #287 License URL in IdentityServer4-1.0.0-rc1-update1 package is incorrect.
  • #282 Clear session id on incoming requests if user is no longer authenticated
  • #280 Primary key violation on Persisted Grants after deleting cookies
  • #277 Sometimes get a "idp claim is missing" with AspNetIdentity when authorizing
  • #274 Constants no longer public accessible

enhancements

  • #367 Docs: Update to RC2
  • #366 gen new sid on each login
  • #363 HashSet all the collections
  • #359 Consistently check for Enabled in Clients and Scopes
  • #325 Port "private_key_jwt" from IdentityServer3
  • #319 Consider ignoring IdP acr_value if IdP not in client allowed list
  • #318 Add logic/support to bypass HRD on login screen
  • #317 Add flag for IsAuthenticatedLogout on LogoutRequest
  • #315 Add "Remember me" functionality to sample UI
  • #301 rename quickstart to developer, moved in-mem
  • #299 Update to 1.0.1 ASP.NET Core packages
  • #298 Rename AddIdentityServerQuickstart to AddDeveloperIdentityServer
  • #288 Consider how to allow custom form post authorization response html
  • #286 Scope claim is always a string array
  • #285 tests for FederatedSignOutMiddleware
  • #272 AuthenticationManagerExtensions does not provide an overload that allows for setting persistent cookies
  • #265 Unit tests for client list cookie
  • #264 Unit tests for authN handler/session id
  • #263 Unit tests for persisted grant svc
  • #260 Consider builder extension method for registering IProfileService
  • #256 Verify logging consistency
  • #236 Cleanup result object style
  • #3 Check for our required services in UseIdentityServer
Assets 2
Loading

RC1

06 Sep 17:00
@leastprivilege leastprivilege
1.0.0-rc1
21f94b1
Compare
Choose a tag to compare
RC1 Pre-release
Pre-release

As part of this release we had 49 issues closed.

bugs

  • #228 Weird interaction behaviour when signing in.
  • #201 Logout null exception /connect/endsession
  • #199 Exception during logout in "irregular situation"
  • #193 Permanent Session - Remember my login - idsrv.session expiration

enhancements

  • #249 More Quickstart refactor
  • #248 Ui path rework
  • #244 Quickstart refactoring
  • #243 Design "Quickstart"
  • #241 Making scope parameter optional at the token endpoint
  • #240 Tie session id to primary authentication scheme
  • #239 Make client list cookie scoped to session id
  • #238 Add support for custom token response fields for resource owner and extension grants
  • #234 Update sign out to latest spec
  • #230 Consent & Permission API?
  • #227 Is AuthenticationOptions.EnableLocalLogin still needed?
  • #226 Call IsActive for resource owner requests
  • #225 Move serialisation helpers from EF repo to Core
  • #224 Decorators replacement
  • #223 Unify transient stores
  • #222 Get rid of DateTimeOffset?
  • #221 Get rid of ErrorTypes.Client vs User
  • #220 Discuss IResourceOwnerPasswordValidator
  • #219 Refactor config API
  • #212 Is Token.Client needed?
  • #209 /connect/endsession redirect post_logout_redirect_uri parameter not used
  • #208 Refactoring?
  • #206 Obfuscate introspection events
  • #205 Custom token response headers for custom grants
  • #204 Setup release notes
  • #200 Log noise when using multiple secret validators
  • #194 GetLoginContext on UserInteractionService returns null when posting login
  • #183 Create integration tests for PKCE
  • #181 add PKCE support [WIP]
  • #180 Provide Serialization classes for tokens, claims etc.
  • #179 Factor out InMemory implementation
  • #169 Pass access token claims to profile service via UserInfo
  • #168 Support for public clients
  • #167 Discuss CORS
  • #161 Default client scopes
  • #146 Enable extensibility or replacement of endpoint route names for UI controllers
  • #144 Federated Signout
  • #134 Allow public clients without a client secret
  • #46 How can I create a new ILocalizationService for a new language
  • #43 Enable extensibility or replacement for endpoint handlers
  • #31 Port PKCE Metadata
  • #23 Port Token Revocaction Endpoint
  • #22 Port Custom Token Response Generator
  • #21 Port PKCE Token Part
  • #20 Port PKCE Authorize part
Assets 2
Loading