This repository has been archived by the owner on Sep 18, 2021. It is now read-only.
Releases: IdentityServer/IdentityServer3
2.2.3
Fixed a bug in TokenValidator that got introduced in 2.2.2
2.2.2
2.2.1
2.2
As part of this release we had 19 issues closed.
bug fixes
- #2110 IE Support for CSP
- #2084 Permissions web page: If no logoUri is specified, the frame for the logoUri is still displayed
- #2063 RememberMeDuration Ignored During Partial Signin
- #1904 Secure mode on all IdSvr cookies
- #1619 IIS Multibinding causes automatic IssuerUri to take random name
- #1238 Fix max-age param in HSTS header
- #1000 PostLogoutRedirectUri "lost" when signing out using an external IdP
new features
- #2181 Provide support for federation signout cleanup callback
- #2100 Update validation middleware to support Introspection endpoint
- #1986 Add a cookie to track clients the user logged in
- #1639 Introspection endpoint
- #922 Implement HTTP-based Logout spec
enhancements
- #2175 Add reference token handle to event
- #2174 Add events for client authentication success/failure
- #2105 Enhanced token signing service
- #2085 Allow POST on EndSession endpoint
- #1837 Don't issue XFO on response_mode post on authorization endpoint
- #1641 Add tests for introspection endpoint
- #1640 Add introspection specific events
2.1.1
2.1
As part of this release we had 29 commits which resulted in 12 issues being closed.
new feature
- #1839 Add support for cookie session store
enhancements
- #2042 Scrub user passwords from logs
- #2041 Add more length restrictions
- #2038 Scrub passwords from logs
- #2006 Add OWIN extensions to set PublicOrigin and get PublicOrigin from request
- #1981 Make length restrictions configurable
- #1975 Consider adding viewport meta tag to default layout asset
- #1899 Scope length should be configurable or allow further extensible request validation.
- #1842 Configurable MaxInputParamLength
- #1811 Make public OWIN extension for Resolve()
- #1683 Server sessions in Identity Server 3
- #815 Add validation to incoming handles
2.0.2
2.0.1
2.0.0
Breaking changes:
- NuGet location changed to: https://www.nuget.org/packages/IdentityServer3
- Top level namespace changed to "IdentityServer3".
- Parameters to user service interface changed to context objects
- All return values on the user service APIs moved to the context parameters
- Script tag in the default view service layout template changed to "script.2.0.0.js"
- OWIN extensions:
  - GetIdentityServerFullLogin renamed w/ Async
  - GetIdentityServerPartialLogin renamed w/ Async
- New PostAuthenticateAsync added to user service. This is called prior to issuing a full login cookie for IdentityServer and allows a consolidated location to check if a partial login is needed for users logging in.
- Removed InMemoryFactory - use new extension methods instead
- Removed TraceLog and TraceSource providers - use Serilog (or any other LibLog supported library) instead
- CorsPolicy removed on main options
- Client configuration: ScopeRestrictions changed to AllowedScopes. We now require opt-in to allowing scopes to clients.
- Event service APIs changed to return Task
- Default view service's HTML files folder changed to "templates"
Changes
- When choosing an external IdP from the login screen, we no longer redirect back to IdSvr before we redirect to the external IdP
- Revoking a refresh token also revokes associated access tokens
- AuthenticateResult now allows anonymous partial logins
- Client configuration now has collection for origins to allow CORS
- Client certificates supported on token endpoint
- Support POST on token validation endpoints
- When the Welcome page is disabled, the route will not be registered
- Added several new OWIN environment extension methods related to partial logins
- Added new URL in partial logins to restart the login process
- When an IdP is passed to the login page, we immediately redirect to the IdP, rather than redirecting to our own external login page (which then redirects to the IdP)
- Password field gets focus if username provided
- Partial logins no longer remove the primary login cookie.
- Logging:
  - added support for capturing Katana logs
  - removed "IncludeSensitiveData" feature
- Reworked custom grant validators
  - one custom grant validator per type
  - can register multiple
- Reworked client validation - split into:
  - secret parsers (parse the environment and turn something into an authenticable secret)
  - secret validators (validate the secret to confirm the associated id is correct)
Bug fixes: