4.0.0-rc1
Pre-releaseThis RC release introduces the following changes:
-
While initially planned for OpenIddict 5.0, modifications introducing breaking behavior changes in the URIs handling will finally ship as part of 4.0. Since these changes affect how endpoint URIs are configured, returned and resolved, users are invited to read #1613 before migrating to OpenIddict 4.0 RC1.
-
Relative redirect/post-logout-redirect URIs are now supported by the client stack, for both custom client registrations and web provider integrations:
options.UseWebProviders()
.UseGitHub(options =>
{
// ...
options.SetRedirectUri("callback/login/github");
});
- The client stack now requires enabling flows explicitly (exactly like the server stack), which allows offering better exceptions on misconfigurations and avoids requiring registering signing/encryption credentials when only non-interactive flows like
password
orclient_credentials
are used:
options.AllowAuthorizationCodeFlow()
.AllowRefreshTokenFlow();
- By default, the client stack now aborts challenge operations that are triggered from non-HTTPS pages with an exception message indicating that things may not work properly due to SameSite constraints when using HTTP instead of HTTPS. While not recommended, the client offers the same
DisableTransportSecurityRequirement()
option as the server stack to disable the HTTPS requirement.
options.UseAspNetCore()
.DisableTransportSecurityRequirement();
options.UseOwin()
.DisableTransportSecurityRequirement();
-
New provider integrations have been added to
OpenIddict.Client.WebIntegration
:- Amazon Cognito (thanks @emanuelecastelli! ❤️)
- Mixcloud
- Trakt
- WordPress
- Yahoo
-
The definitions of the existing providers have been updated to allow using the
refresh_token
flow for the providers that support it. Built-in support for the Googleaccess_type
and Redditduration
custom parameters has also been added to allow retrieving refresh tokens. -
References to
URL
oraddress(es)
have been replaced by more genericURI
/uri(s)
references. While not mandatory, maintainers of third-party stores/DB integrations are invited to update their implementation ofIOpenIddictApplicationStore
to useuri
anduris
instead ofaddress
andaddresses
to match the new names used by OpenIddict.