5.4.0
This release introduces the following changes:
- The client stack now allows configuring and using custom grant types for advanced scenarios:
```csharp
options.AllowCustomFlow("my-custom-grant-type");
```

```csharp
var result = await _service.AuthenticateWithCustomGrantAsync(new()
{
    AdditionalTokenRequestParameters = new()
    {
        ["my-custom-parameter"] = "value"
    },
    CancellationToken = stoppingToken,
    GrantType = "my-custom-grant-type",
    ProviderName = provider,
    Scopes = [Scopes.OfflineAccess]
});
```
Note
When using a custom grant type, the following logic is enforced by default:
- A token request is always sent.
- An access token MUST be returned by the authorization server as part of the token response.
- An identity token MAY be returned by the authorization server as part of the token response but it's not mandatory (in this case, OpenIddict will resolve it and extract the principal it contains, but won't reject the response if it's invalid).
- A refresh token MAY be returned by the authorization server as part of the token response but it's not mandatory.
- A userinfo request is always sent when an access token was returned and a userinfo endpoint is available, unless userinfo retrieval was explicitly disabled when calling `AuthenticateWithCustomGrantAsync()`.
- The length of user codes - used in the OAuth 2.0 device authorization flow - can now be configured in the server options:
```csharp
options.SetUserCodeLength(7);
```
Important
For security reasons, OpenIddict will throw an `ArgumentOutOfRangeException` if you try to configure a length that is less than 6 characters.
- The charset used by OpenIddict to create random user codes can now be configured in the server options:
```csharp
options.SetUserCodeCharset(
[
    "B", "C", "D", "F", "G", "H", "J", "K", "L", "M",
    "N", "P", "Q", "R", "S", "T", "V", "W", "X", "Z"
]);
```
Tip
All characters are allowed - including emojis - as long as they represent exactly one extended grapheme cluster (note: non-ASCII characters are only supported on .NET 6.0 and higher).
Important
For security reasons, OpenIddict will throw an `ArgumentOutOfRangeException` if you try to configure a charset that includes fewer than 9 characters.
- The display format used by OpenIddict to "beautify" the user codes can now be controlled using a new `options.SetUserCodeDisplayFormat()` API:
```csharp
options.SetUserCodeDisplayFormat("{0}{1} - {2}{3}{4} - {5}{6}");
```
Tip
If no value is explicitly set, OpenIddict will use the same format as in previous versions (i.e., multiple groups of characters separated by dashes).
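To make the length, charset and display-format options above concrete, here is an added sketch (not OpenIddict's implementation and not code from these release notes) that generates a user code from a grapheme-cluster charset with a CSPRNG and estimates its search space. `UserCodeSketch` and its members are hypothetical names, and de-duplicating the charset before the size check is an assumption of this sketch.

```csharp
using System;
using System.Globalization;
using System.Linq;
using System.Security.Cryptography;

// Hypothetical helper (not an OpenIddict type); the minimums mirror the limits stated above.
static class UserCodeSketch
{
    public static string Create(string[] charset, int length, string format)
    {
        // Assumption of this sketch: duplicates are dropped so every symbol is equally likely.
        var set = charset.Distinct(StringComparer.Ordinal).ToArray();
        if (length < 6)
            throw new ArgumentOutOfRangeException(nameof(length), "Use at least 6 characters.");
        if (set.Length < 9)
            throw new ArgumentOutOfRangeException(nameof(charset), "Use at least 9 characters.");
        // Each entry must be exactly one extended grapheme cluster (emojis included).
        if (set.Any(c => new StringInfo(c).LengthInTextElements != 1))
            throw new ArgumentException("Each entry must be one grapheme cluster.", nameof(charset));

        var picked = new object[length];
        for (var i = 0; i < length; i++)
            picked[i] = set[RandomNumberGenerator.GetInt32(set.Length)]; // CSPRNG, no modulo bias
        return string.Format(CultureInfo.InvariantCulture, format, picked);
    }

    // Search space in bits: length * log2(charset size).
    public static double EntropyBits(int charsetSize, int length) => length * Math.Log2(charsetSize);
}

static class Program
{
    static void Main()
    {
        string[] charset = // the charset from the SetUserCodeCharset() example above
        {
            "B", "C", "D", "F", "G", "H", "J", "K", "L", "M",
            "N", "P", "Q", "R", "S", "T", "V", "W", "X", "Z"
        };
        Console.WriteLine(UserCodeSketch.Create(charset, 7, "{0}{1} - {2}{3}{4} - {5}{6}"));
        Console.WriteLine($"{UserCodeSketch.EntropyBits(charset.Length, 7):F1} bits (20 symbols, length 7)");
        Console.WriteLine($"{UserCodeSketch.EntropyBits(9, 6):F1} bits (smallest allowed configuration)");
    }
}
```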
- User codes are now re-formatted automatically: developers who want to display them (e.g. for a confirmation form) are invited to retrieve them using `result.Properties.GetTokenValue(OpenIddictServerAspNetCoreConstants.Tokens.UserCode)` - so that a properly formatted code is displayed - instead of using `OpenIddictRequest.UserCode`.
- The following providers are now supported by `OpenIddict.Client.WebIntegration`: