Open.IdentityServer v1.0.0

Open.IdentityServer Release Notes

Version 1.0.0 (Nuget)

New Features

• Added support for resource indicators RFC 8707 (c613bd)
• Setup persisted grant data protection (85703c)

Fixes

• CVE-2024-39694, open redirect vulnerability fixed (6ccfbd)
• When creating token payload, ignore custom claims used for token validation (e.g. aud, iat, etc) (3ed930)
• Remove Nonce requirement when not asking for an ID tokens from the Auth Endpoint (375570)
• Update custom redirect result to make return url construction similar to that of login and consent (970529)
• Post logout in app auth validator using wrong uri list (678dd2)
• Custom Redirect return URL callback incorrect (cb7027)
• Fix GetAuthorizationContextAsync to return multiple query values from returnUrl (e62a27)
• Access tokens created by during refresh tokens flows do not generate new JTI claims (ef57c3)
• Added authorise response parameter 'iss' (cb3f87)
• Set refresh token usage to reuse by default (00f076)

Dependency changes

• Upgrade to dotnet 10.0 (230c70)
• Remove dependency on AutoMapper (5db532)
• Migrate Newtonsoft.Json To System.Text.Json (49b22d)
• Upgraded xUnit to xUnit.v3, replace FluentAssertions with AwesomeAssertions (f6ffe5)

Compatability changes

• Add Id to persistent grant table and use it as key (81c16d)
• Implement full schema compatibility with Duende (3236f9)
• Added complete set of migration scripts for IDS4 (e48e0f)
• Added support for hex encoded persisted grant handles (46ce7d)
• Upgrade persistent grant token models, and ensure backwards compatibility (5a0f15)
• Added key store for compatibility with existing stores (d52e01)