5.6.0
This release introduces the following changes:
-
The core, client, server and validation stacks now use
System.TimeProvider
on .NET 8.0+ (thanks @trejjam! ❤️). -
While manually setting
OpenIddictClientRegistration.CodeChallengeMethods
,OpenIddictClientRegistration.GrantTypes
,OpenIddictClientRegistration.ResponseModes
orOpenIddictClientRegistration.ResponseTypes
is not necessary or recommended in most cases (as OpenIddict automatically negotiates the best values automatically), specific scenarios sometimes require restricting the allowed values. To make that easier, new (advanced) APIs were added to the web provider builders:
options.UseWebProviders()
.AddMicrosoft(options =>
{
// ...
options.AddCodeChallengeMethods(CodeChallengeMethods.Sha256)
.AddGrantTypes(GrantTypes.AuthorizationCode, GrantTypes.Implicit)
.AddResponseModes(ResponseModes.FormPost)
.AddResponseTypes(ResponseTypes.Code + ' ' + ResponseTypes.IdToken);
});
- The OpenIddict validation ASP.NET Core and OWIN hosts now allow tweaking how access tokens are extracted:
options.UseAspNetCore()
.DisableAccessTokenExtractionFromAuthorizationHeader()
.DisableAccessTokenExtractionFromBodyForm()
.DisableAccessTokenExtractionFromQueryString();
options.UseOwin()
.DisableAccessTokenExtractionFromAuthorizationHeader()
.DisableAccessTokenExtractionFromBodyForm()
.DisableAccessTokenExtractionFromQueryString();
-
Behavior change: the claim value type validation logic was fixed to support
JSON_ARRAY
claims. As part of this change, theClaimsIdentity.GetClaims()
/ClaimsPrincipal.GetClaims()
extensions have been updated to supportJSON_ARRAY
claims and return all the values contained in the array. -
A bug preventing the OpenIddict client from using the OpenID Connect implicit flow was fixed.
-
The Clever provider was updated to not require a backchannel identity token (thanks @anarian! ❤️).
-
The Auth0 and Microsoft Account/Entra ID providers were fixed to list
implicit
as a supported grant type.