4.5.0

@kevinchalet kevinchalet released this 19 Jun 14:21

This release introduces the following changes:

  • It is now possible to have multiple web providers of the same type, which is particularly useful for self-hosted providers like ADFS. To highlight that, the options.UseWebProviders().Use[Provider]() APIs have been deprecated and replaced by new options.UseWebProviders().Add[Provider]() equivalents:
options.UseWebProviders()
       .AddActiveDirectoryFederationServices(options =>
       {
           options.SetIssuer("https://extranet.contoso.com/adfs")
                  .SetProviderName("Contoso")
                  .SetClientId("s6BhdRkqt3")
                  .SetClientSecret("7Fjfp0ZBr1KtDRbnfVdmIw")
                  .SetRedirectUri("callback/login/contoso");
       })
       .AddActiveDirectoryFederationServices(options =>
       {
           options.SetIssuer("https://extranet.fabrikam.com/adfs")
                  .SetProviderName("Fabrikam")
                  .SetClientId("3tqkRdhB6s")
                  .SetClientSecret("wImdVfnbRDtK1rBZ0pfjF7")
                  .SetRedirectUri("callback/login/fabrikam");
       });
  • Multiple client registrations using the same Issuer URI are now supported. Specifying the issuer URI or provider name in challenge/sign-out properties is still fully supported, but setting the new OpenIddictClientRegistration.RegistrationId property is required when adding multiple client registrations that share the same issuer or provider name:
var properties = new AuthenticationProperties(new Dictionary<string, string>
{
    [OpenIddictClientAspNetCoreConstants.Properties.RegistrationId] = "B8E10AE5-9C68-409B-B94B-7E402F8C323C"
});
  • New OpenIddictClientService APIs accepting and returning records have been introduced to make OpenIddictClientService much easier to work with and more extensible (the old overloads are still functional but are decorated with [Obsolete] and will be removed in a future version):
var result = await _service.AuthenticateWithPasswordAsync(new PasswordAuthenticationRequest
{
    Username = "johndoe",
    Password = "A3ddj3w",
    Scopes = new() { Scopes.Profile }
});
  • OpenIddict.Client.SystemIntegration is no longer considered experimental and can now be used without <EnablePreviewFeatures>true</EnablePreviewFeatures>.

  • OpenIddict.Client.SystemIntegration now throws a detailed exception if no CoreWindow is attached to the calling thread when an interactive challenge is triggered with the UWP web authentication broker configured as the authentication mode. This makes it more apparent that WebAuthenticationBroker is not supported in Win32 applications.
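
The item above on multiple client registrations sharing one issuer shows only the challenge side. The following is an added example, not code from the release notes or the OpenIddict project, that registers two clients against the same issuer with distinct RegistrationId values and only lets a caller select a known identifier. Assumptions: the registration identifiers, the `Clients:...` configuration keys and the `~/login/{id}` route are hypothetical, and the rest of the client setup (flows, keys, ASP.NET Core host integration) is configured elsewhere.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using OpenIddict.Client;
using OpenIddict.Client.AspNetCore;

public static class ContosoClients
{
    // Constructed registration identifiers (assumption): any stable, unique strings work.
    public static readonly string[] Ids = { "contoso-portal", "contoso-reports" };

    public static void AddContosoClients(this IServiceCollection services, IConfiguration config)
        => services.AddOpenIddict().AddClient(options =>
        {
            foreach (var id in Ids)
            {
                options.AddRegistration(new OpenIddictClientRegistration
                {
                    RegistrationId = id, // required: both entries share one issuer
                    Issuer = new Uri("https://extranet.contoso.com/adfs", UriKind.Absolute),
                    ClientId = Require(config, $"Clients:{id}:ClientId"),
                    // Hypothetical configuration keys: the secret is not kept in source code.
                    ClientSecret = Require(config, $"Clients:{id}:ClientSecret"),
                    RedirectUri = new Uri($"callback/login/{id}", UriKind.Relative)
                });
            }
        });
    private static string Require(IConfiguration config, string key)
        => config[key] ?? throw new InvalidOperationException($"Missing setting '{key}'.");
}

public class LoginController : Controller
{
    [HttpGet("~/login/{id}")] // hypothetical route
    public IActionResult LogIn(string id)
    {
        // Only known registration identifiers may be selected by the caller.
        if (Array.IndexOf(ContosoClients.Ids, id) < 0) return NotFound();
        var properties = new AuthenticationProperties(new Dictionary<string, string?>
        {
            [OpenIddictClientAspNetCoreConstants.Properties.RegistrationId] = id
        });
        return Challenge(properties, OpenIddictClientAspNetCoreDefaults.AuthenticationScheme);
    }
}
```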