6.1.0

What's Changed

• Optimize trace/debug logging by @leastprivilege in #685
• Use the built-in CSPRNG GetInt32 by @vcsjones in #663
• Cleanup on the UI quickstart code based on template feedback by @brockallen in #688
• update .NET version in console CC sample by @brockallen in #690
• merge forward bug fix for loading api resources by scope by @brockallen in #692
• Add ActivitySource instrumentation for OpenTelemetry tracing by @leastprivilege in #698
• Bump Serilog.AspNetCore from 4.1.0 to 5.0.0 by @dependabot in #742
• Bump Microsoft.NET.Test.Sdk from 17.0.0 to 17.1.0 by @dependabot in #745
• Replace home grown logic of ToSpaceSeparatedString with String.Join by @leastprivilege in #734
• Bump actions/checkout from 2.4.0 to 3 by @dependabot in #776
• Bump actions/setup-dotnet from 1 to 2 by @dependabot in #768
• Bump MinVer from 3.0.0-alpha.1 to 3.0.0-rc.2 by @dependabot in #781
• Add server side session support by @brockallen in #743
• add identity column to persisted grants table by @brockallen in #793
• Bump MinVer from 3.0.0-rc.2 to 3.0.0 by @dependabot in #804
• Bump SimpleExec from 8.0.0 to 9.0.0 by @dependabot in #805
• Update Bullseye by @leastprivilege in #812
• Add minimal build for CodeQL subset by @leastprivilege in #813
• Improve grammar and code readability by @EngRajabi in #800
• update session id and description for user interaction in device flow by @brockallen in #802
• [EF] add back overloaded ctor for accepting store options for DbContexts by @brockallen in #801
• [EF] Add indices to new server-side session tables by @brockallen in #809
• Delete bug_report.md by @leastprivilege in #827
• Update config.yml by @leastprivilege in #828
• Split OpenTelemetry traces into finer grained sources by @leastprivilege in #818
• Reduce noise from key manager logging by @brockallen in #834
• Adopt different logging approach for redistribution license by @brockallen in #811
• Server-side session management features by @brockallen in #820
• Make invalid client behavior consistent in token validator by @brockallen in #835
• [EF] Make persisted grant PK long (from int) by @brockallen in #836
• remove client store use from login page by @brockallen in #863
• Remove setter from Properties on IdentityProvider by @brockallen in #858
• minor reorg of session mgmt service/store/model names, add OTel support by @brockallen in #862
• Bump github/codeql-action from 1 to 2 by @dependabot in #869
• Fix incorrect error path in some pages by @brockallen in #885
• Namespace cleanup by @brockallen in #886
• Fix DI registration to actually allow EF DbContext pooling by @brockallen in #893
• fix sample client compliation errors by @brockallen in #895

New Contributors

• @vcsjones made their first contribution in #663
• @EngRajabi made their first contribution in #800

Full Changelog: 6.0.2...6.1.0

6.1.0 Preview 2

What's Changed

• Optimize trace/debug logging by @leastprivilege in #685
• Use the built-in CSPRNG GetInt32 by @vcsjones in #663
• Cleanup on the UI quickstart code based on template feedback by @brockallen in #688
• update .NET version in console CC sample by @brockallen in #690
• merge forward bug fix for loading api resources by scope by @brockallen in #692
• Add ActivitySource instrumentation for OpenTelemetry tracing by @leastprivilege in #698
• Bump Serilog.AspNetCore from 4.1.0 to 5.0.0 by @dependabot in #742
• Bump Microsoft.NET.Test.Sdk from 17.0.0 to 17.1.0 by @dependabot in #745
• Replace home grown logic of ToSpaceSeparatedString with String.Join by @leastprivilege in #734
• Bump actions/checkout from 2.4.0 to 3 by @dependabot in #776
• Bump actions/setup-dotnet from 1 to 2 by @dependabot in #768
• Bump MinVer from 3.0.0-alpha.1 to 3.0.0-rc.2 by @dependabot in #781
• Add server side session support by @brockallen in #743
• add identity column to persisted grants table by @brockallen in #793

New Contributors

• @vcsjones made their first contribution in #663

Full Changelog: 6.0.2...6.1.0-preview.2

6.0.4

What's Changed

• Add CIBA grant type to discovery when endpoint is enabled. by @leastprivilege in #697
• EF fixes by @brockallen in #705

Full Changelog: 6.0.3...6.0.4

6.0.3

What's Changed

• bug for loading api resources by scope by @brockallen in #687

Full Changelog: 6.0.2...6.0.3

6.0.2

What's Changed

• Update documentation link by @Toshik in #669
• Allow empty secret when validating OIDC IDP config by @brockallen in #670

New Contributors

• @Toshik made their first contribution in #669

Full Changelog: 6.0.1...6.0.2

6.0.1

What's Changed

• Fix OnConfiguring exception from EF when DbContext pooling is enabled by @brockallen in #646

Full Changelog: 6.0.0...6.0.1

6.0.0

As part of this release we had 304 commits which resulted in 41 issues being closed.

See our upgrade guide to update from the prior version.

bugs

• #358 Fix inconsistency in CustomRedirectResult vs Login and ConsentPageResult
• #416 Fix bug when storing session id in refresh token
• #419 Fix bug in cache removal for DistributedCacheAuthorizationParametersMessageStore
• #619 Fix PostLogout check in AppAuth redirect validator

enhancements

• #263 Update Quickstart UI to use Razor Pages
• #357 Add temporarily_unavailable error support for ConsentResponse
• #388 [EF] Optimize client query to use a single DB round trip
• #389 Replace Uri.TryCreate with Uri.IsWellformedUriString
• #403 [EF] Change DbContext constructors to support pooling
• #404 Encode persisted grant handles to avoid collation issues
• #405 Add cancellation token support at boundaries
• #410 Enhancements to front channel logout iframes
• #414 Reduce usage of HttpContext extension methods
• #415 Add IdentityProvider validator
• #420 Change the cache key separator to use more redis friendly value
• #421 Add feature to the default cache to prevent concurrent reloading of the cache
• #423 Add finer grained IdentityServerBuilderExtensions for registering cookie authentication services
• #425 Change lifetime of nested options in DI to be more multi-tenant friendly
• #431 Change cache design for resource store cache
• #479 Consider SignInWithClaims in the external login quickstart
• #507 Improvement to OidcProvider
• #557 Prevent ASP.NET Core from caching OIDC provider options
• #583 Add warning when using dynamic provider outside http request
• #588 Adjust license validation logic for v6
• #614 Add simple pages for config management to EF quickstart

internals

• #353 For ISV license, reduce startup license log level to trace
• #409 Suppress EF warning about split query behavior
• #418 Remove custom serialization handling for AuthenticationProperties
• #476 add SaveChangesAsync for backwards compat with prior version
• #516 CIBA TODOs
• #550 Handle TaskCanceledException
• #566 Cleanup on the external callback quickstart UI
• #589 Update community edition license validation rules for v6.0
• #601 EF: shorten client redirect URIs
• #613 Update IdentityModel to 6.0 release
• #625 Adjust ASP.NET Identity integration to use EmailClaimType option

new feature

• #498 Add CIBA support

schema changes

• #352 Add TableConfiguration for "Keys" table in operational EF database
• #355 Add unique constraints to EF tables where duplicate records not allowed
• #356 Add missing columns for created, updated, etc to EF entities

5.2.4

Bugs fixed

• better handling of when user profile is not loaded for x509cert2 usage by @brockallen in #632
• When creating token payload, ignore custom claims used for token validation (e.g. aud, iat, etc) by @brockallen in #633

Full Changelog: 5.2.3...5.2.4

6.0 Preview 3

What's Changed

• Merge patch 5.2.2 by @brockallen in #317
• Switch to .NET 6 Preview by @leastprivilege in #251
• Bump SimpleExec from 7.0.0 to 8.0.0 by @adamralph in #318
• Fix obsolete warnings by @leastprivilege in #321
• Bump dessant/lock-threads from 2.0.3 to 2.1.1 by @dependabot in #324
• Update to .NET 6 Preview 6 by @leastprivilege in #329
• Update Quickstart UI to use Razor Pages by @brockallen in #263
• Update EF and ASP.NET Identity hosts with Razor Pages by @brockallen in #334
• Bump Bullseye from 3.7.0 to 3.8.0 by @dependabot in #370
• For ISV license, reduce startup license log level to trace by @brockallen in #353
• Add TableConfiguration for "Keys" table in operational EF database by @brockallen in #352
• Add unique constraints to EF tables where duplicate records not allowed by @brockallen in #355
• Add missing columns for created, updated, etc to EF entities by @brockallen in #356
• Add temporarily_unavailable error support for ConsentResponse by @brockallen in #357
• Fix inconsistency in CustomRedirectResult vs Login and ConsentPageResult by @brockallen in #358
• Updates for .NET 6 Preview 7 by @leastprivilege in #376
• disable automatic namespaces in .NET 6 by @brockallen in #377
• Bump dessant/lock-threads from 2.1.1 to 2.1.2 by @dependabot in #363
• Bump Microsoft.NET.Test.Sdk from 16.10.0 to 16.11.0 by @dependabot in #359
• use singlular targetframework tag in project files by @brockallen in #387
• [EF] Optimize client query to use a single DB round trip by @brockallen in #388
• Replace Uri.TryCreate with Uri.IsWellformedUriString by @leastprivilege in #389
• add DBContext Pooling by @stefannikolei in #260
• Revert "add DBContext Pooling" by @brockallen in #401
• [EF] Change DbContext constructors to support pooling by @brockallen in #403
• Ignore EF warning about split vs non-split queries by @brockallen in #406
• Encode persisted grant handles to avoid collation issues by @brockallen in #404
• add test for v5 persisted grant handle format by @brockallen in #407
• Suppress EF warning about split query behavior by @brockallen in #409
• Enhancements to front channel logout iframes by @brockallen in #410
• Updates for .NET 6 RC1 by @leastprivilege in #412
• add razor dynamic compilation by @brockallen in #413
• Fix bug when storing session id in refresh token by @brockallen in #416
• Change the cache key separator to use more redis friendly value by @brockallen in #420
• Fix bug in cache removal for DistributedCacheAuthorizationParametersMessageStore by @brockallen in #419
• Remove custom serialization handling for AuthenticationProperties by @brockallen in #418
• rename internal static field to match conventions by @brockallen in #424
• Add cancellation token support at boundaries by @brockallen in #405
• Reduce usage of HttpContext extension methods by @brockallen in #414
• Add IdentityProvider validator by @brockallen in #415
• Add finer grained IdentityServerBuilderExtensions for registering cookie authentication services by @brockallen in #423
• Change lifetime of nested options in DI to be more multi-tenant friendly by @brockallen in #425
• Bump dessant/lock-threads from 2.1.2 to 3 by @dependabot in #435
• Add feature to the default cache to prevent concurrent reloading of the cache by @brockallen in #421
• Change cache design for resource store cache by @brockallen in #431
• add simple perf test host app by @brockallen in #436
• Updates for .NET6 RC2 by @leastprivilege in #463
• Dependency cleanup to allow for runtime provided System.Text.Json by @buvinghausen in #466
• add SaveChangesAsync for backwards compat with prior version by @brockallen in #476
• Bump Microsoft.NET.Test.Sdk from 16.11.0 to 17.0.0 by @dependabot in #487
• Update checkout action by @leastprivilege in #497
• fix Bullseye and SimpleExec refs by @adamralph in #502
• Add CIBA support by @brockallen in #498
• Update to .NET 6 RTM by @leastprivilege in #504
• Bump actions/checkout from 2 to 2.4.0 by @dependabot in #494
• update XML comments by @brockallen in #508
• Improvement to OidcProvider by @brockallen in #507
• Update clients to NET6 by @leastprivilege in #509
• Bump Microsoft.SourceLink.GitHub from 1.0.0 to 1.1.0 by @dependabot in #510
• fix creation time to be utc (not local time) by @brockallen in #511

New Contributors

• @adamralph made their first contribution in #318
• @buvinghausen made their first contribution in #466

Full Changelog: 5.2.2...6.0.0-preview.3

6.0 Preview 2

As part of this release we had 24 issues closed.

bugs

• #419 Fix bug in cache removal for DistributedCacheAuthorizationParametersMessageStore
• #416 Fix bug when storing session id in refresh token
• #358 Fix inconsistency in CustomRedirectResult vs Login and ConsentPageResult

enhancements

• #431 Change cache design for resource store cache
• #425 Change lifetime of nested options in DI to be more multi-tenant friendly
• #423 Add finer grained IdentityServerBuilderExtensions for registering cookie authentication services
• #421 Add feature to the default cache to prevent concurrent reloading of the cache
• #420 Change the cache key separator to use more redis friendly value
• #415 Add IdentityProvider validator
• #414 Reduce usage of HttpContext extension methods
• #410 Enhancements to front channel logout iframes
• #405 Add cancellation token support at boundaries
• #404 Encode persisted grant handles to avoid collation issues
• #403 [EF] Change DbContext constructors to support pooling
• #389 Replace Uri.TryCreate with Uri.IsWellformedUriString
• #388 [EF] Optimize client query to use a single DB round trip
• #357 Add temporarily_unavailable error support for ConsentResponse
• #263 Update Quickstart UI to use Razor Pages

schema changes

• #356 Add missing columns for created, updated, etc to EF entities
• #355 Add unique constraints to EF tables where duplicate records not allowed
• #352 Add TableConfiguration for "Keys" table in operational EF database

internals

• #418 Remove custom serialization handling for AuthenticationProperties
• #409 Suppress EF warning about split query behavior
• #353 For ISV license, reduce startup license log level to trace