4.5.0
This release introduces the following changes:
- It is now possible to have multiple web providers of the same type, which is particularly useful for self-hosted providers like ADFS. To highlight that, the
options.UseWebProviders().Use[Provider]()
APIs have been deprecated and replaced by newoptions.UseWebProviders().Add[Provider]()
equivalents:
options.UseWebProviders()
.AddActiveDirectoryFederationServices(options =>
{
options.SetIssuer("https://extranet.contoso.com/adfs")
.SetProviderName("Contoso")
.SetClientId("s6BhdRkqt3")
.SetClientSecret("7Fjfp0ZBr1KtDRbnfVdmIw")
.SetRedirectUri("callback/login/contoso");
})
.AddActiveDirectoryFederationServices(options =>
{
options.SetIssuer("https://extranet.fabrikam.com/adfs")
.SetProviderName("Fabrikam")
.SetClientId("3tqkRdhB6s")
.SetClientSecret("wImdVfnbRDtK1rBZ0pfjF7")
.SetRedirectUri("callback/login/fabrikam");
});
- Multiple client registrations using the same
Issuer
URI are now supported. Specifying the issuer URI or provider name in challenge/sign-out properties is still fully supported, but setting the newOpenIddictClientRegistration.RegistrationId
property is required when adding multiple client registrations that share the same issuer or provider name:
var properties = new AuthenticationProperties(new Dictionary<string, string>
{
[OpenIddictClientAspNetCoreConstants.Properties.RegistrationId] = "B8E10AE5-9C68-409B-B94B-7E402F8C323C"
});
- New
OpenIddictClientService
APIs accepting and returning records have been introduced to makeOpenIddictClientService
much easier to work with and more extensible (the old overloads are still functional but are decorated with[Obsolete]
and will be removed in a future version):
var result = await _service.AuthenticateWithPasswordAsync(new PasswordAuthenticationRequest
{
Username = "johndoe",
Password = "A3ddj3w",
Scopes = new() { Scopes.Profile }
});
-
OpenIddict.Client.SystemIntegration
is no longer considered experimental and can now be used without<EnablePreviewFeatures>true</EnablePreviewFeatures>
. -
OpenIddict.Client.SystemIntegration
was updated to throw a detailed exception if noCoreWindow
is attached to the calling thread when triggering an interactive challenge with the UWP web authentication broker configured as the authentication mode, which will make the factWebAuthenticationBroker
is not supported in Win32 applications more apparent.