IdentityServer 6.1.2

What's Changed

• handle bad form data on token (and other) endpoints by @brockallen in #958
• ensure we capture milliseconds of the current DateTime when creating events by @brockallen in #950
• fix incorrect filtering logic in QuerySessionsAsync by @brockallen in #946
• make OperationalStoreOptions public on PersistedGrantDbContext by @brockallen in #945
• capture session id value on token request when refresh token is being used by @brockallen in #944
• add back missing virtuals to PersistedGrantStore by @brockallen in #964
• Make AuthorizationRequest ctor as public to override implementation IReturnUrlParser by @yartat in #791
• Ignore empty query/form input values by @brockallen in #947

New Contributors

• @yartat made their first contribution in #791

Full Changelog: 6.1.1...6.1.2

IdentityServer 6.1.1

What's Changed

• Add support for ClaimValueTypes.Double by @leastprivilege in #914
• Introduce option to emit/suppress iss parameter by @leastprivilege in #922
• Use private logger helper in LicenseValidator by @leastprivilege in #913
• add Id to License parsing by @brockallen in #925

Full Changelog: 6.1.0...6.1.1

IdentityServer 6.1.0

What's Changed

• Optimize trace/debug logging by @leastprivilege in #685
• Use the built-in CSPRNG GetInt32 by @vcsjones in #663
• Cleanup on the UI quickstart code based on template feedback by @brockallen in #688
• update .NET version in console CC sample by @brockallen in #690
• merge forward bug fix for loading api resources by scope by @brockallen in #692
• Add ActivitySource instrumentation for OpenTelemetry tracing by @leastprivilege in #698
• Bump Serilog.AspNetCore from 4.1.0 to 5.0.0 by @dependabot in #742
• Bump Microsoft.NET.Test.Sdk from 17.0.0 to 17.1.0 by @dependabot in #745
• Replace home grown logic of ToSpaceSeparatedString with String.Join by @leastprivilege in #734
• Bump actions/checkout from 2.4.0 to 3 by @dependabot in #776
• Bump actions/setup-dotnet from 1 to 2 by @dependabot in #768
• Bump MinVer from 3.0.0-alpha.1 to 3.0.0-rc.2 by @dependabot in #781
• Add server side session support by @brockallen in #743
• add identity column to persisted grants table by @brockallen in #793
• Bump MinVer from 3.0.0-rc.2 to 3.0.0 by @dependabot in #804
• Bump SimpleExec from 8.0.0 to 9.0.0 by @dependabot in #805
• Update Bullseye by @leastprivilege in #812
• Add minimal build for CodeQL subset by @leastprivilege in #813
• Improve grammar and code readability by @EngRajabi in #800
• update session id and description for user interaction in device flow by @brockallen in #802
• [EF] add back overloaded ctor for accepting store options for DbContexts by @brockallen in #801
• [EF] Add indices to new server-side session tables by @brockallen in #809
• Delete bug_report.md by @leastprivilege in #827
• Update config.yml by @leastprivilege in #828
• Split OpenTelemetry traces into finer grained sources by @leastprivilege in #818
• Reduce noise from key manager logging by @brockallen in #834
• Adopt different logging approach for redistribution license by @brockallen in #811
• Server-side session management features by @brockallen in #820
• Make invalid client behavior consistent in token validator by @brockallen in #835
• [EF] Make persisted grant PK long (from int) by @brockallen in #836
• remove client store use from login page by @brockallen in #863
• Remove setter from Properties on IdentityProvider by @brockallen in #858
• minor reorg of session mgmt service/store/model names, add OTel support by @brockallen in #862
• Bump github/codeql-action from 1 to 2 by @dependabot in #869
• Fix incorrect error path in some pages by @brockallen in #885
• Namespace cleanup by @brockallen in #886
• Fix DI registration to actually allow EF DbContext pooling by @brockallen in #893
• fix sample client compliation errors by @brockallen in #895

New Contributors

• @vcsjones made their first contribution in #663
• @EngRajabi made their first contribution in #800

Full Changelog: 6.0.2...6.1.0

6.1.0 Preview 2

What's Changed

• Optimize trace/debug logging by @leastprivilege in #685
• Use the built-in CSPRNG GetInt32 by @vcsjones in #663
• Cleanup on the UI quickstart code based on template feedback by @brockallen in #688
• update .NET version in console CC sample by @brockallen in #690
• merge forward bug fix for loading api resources by scope by @brockallen in #692
• Add ActivitySource instrumentation for OpenTelemetry tracing by @leastprivilege in #698
• Bump Serilog.AspNetCore from 4.1.0 to 5.0.0 by @dependabot in #742
• Bump Microsoft.NET.Test.Sdk from 17.0.0 to 17.1.0 by @dependabot in #745
• Replace home grown logic of ToSpaceSeparatedString with String.Join by @leastprivilege in #734
• Bump actions/checkout from 2.4.0 to 3 by @dependabot in #776
• Bump actions/setup-dotnet from 1 to 2 by @dependabot in #768
• Bump MinVer from 3.0.0-alpha.1 to 3.0.0-rc.2 by @dependabot in #781
• Add server side session support by @brockallen in #743
• add identity column to persisted grants table by @brockallen in #793

New Contributors

• @vcsjones made their first contribution in #663

Full Changelog: 6.0.2...6.1.0-preview.2

IdentityServer 6.0.4

What's Changed

• Add CIBA grant type to discovery when endpoint is enabled. by @leastprivilege in #697
• EF fixes by @brockallen in #705

Full Changelog: 6.0.3...6.0.4

IdentityServer 6.0.3

What's Changed

• bug for loading api resources by scope by @brockallen in #687

Full Changelog: 6.0.2...6.0.3

IdentityServer 6.0.2

What's Changed

• Update documentation link by @Toshik in #669
• Allow empty secret when validating OIDC IDP config by @brockallen in #670

New Contributors

• @Toshik made their first contribution in #669

Full Changelog: 6.0.1...6.0.2

IdentityServer 6.0.1

What's Changed

• Fix OnConfiguring exception from EF when DbContext pooling is enabled by @brockallen in #646

Full Changelog: 6.0.0...6.0.1

IdentityServer 6.0.0

As part of this release we had 304 commits which resulted in 41 issues being closed.

See our upgrade guide to update from the prior version.

bugs

• #358 Fix inconsistency in CustomRedirectResult vs Login and ConsentPageResult
• #416 Fix bug when storing session id in refresh token
• #419 Fix bug in cache removal for DistributedCacheAuthorizationParametersMessageStore
• #619 Fix PostLogout check in AppAuth redirect validator

enhancements

• #263 Update Quickstart UI to use Razor Pages
• #357 Add temporarily_unavailable error support for ConsentResponse
• #388 [EF] Optimize client query to use a single DB round trip
• #389 Replace Uri.TryCreate with Uri.IsWellformedUriString
• #403 [EF] Change DbContext constructors to support pooling
• #404 Encode persisted grant handles to avoid collation issues
• #405 Add cancellation token support at boundaries
• #410 Enhancements to front channel logout iframes
• #414 Reduce usage of HttpContext extension methods
• #415 Add IdentityProvider validator
• #420 Change the cache key separator to use more redis friendly value
• #421 Add feature to the default cache to prevent concurrent reloading of the cache
• #423 Add finer grained IdentityServerBuilderExtensions for registering cookie authentication services
• #425 Change lifetime of nested options in DI to be more multi-tenant friendly
• #431 Change cache design for resource store cache
• #479 Consider SignInWithClaims in the external login quickstart
• #507 Improvement to OidcProvider
• #557 Prevent ASP.NET Core from caching OIDC provider options
• #583 Add warning when using dynamic provider outside http request
• #588 Adjust license validation logic for v6
• #614 Add simple pages for config management to EF quickstart

internals

• #353 For ISV license, reduce startup license log level to trace
• #409 Suppress EF warning about split query behavior
• #418 Remove custom serialization handling for AuthenticationProperties
• #476 add SaveChangesAsync for backwards compat with prior version
• #516 CIBA TODOs
• #550 Handle TaskCanceledException
• #566 Cleanup on the external callback quickstart UI
• #589 Update community edition license validation rules for v6.0
• #601 EF: shorten client redirect URIs
• #613 Update IdentityModel to 6.0 release
• #625 Adjust ASP.NET Identity integration to use EmailClaimType option

new feature

• #498 Add CIBA support

schema changes

• #352 Add TableConfiguration for "Keys" table in operational EF database
• #355 Add unique constraints to EF tables where duplicate records not allowed
• #356 Add missing columns for created, updated, etc to EF entities

IdentityServer 5.2.4

Bugs fixed

• better handling of when user profile is not loaded for x509cert2 usage by @brockallen in #632
• When creating token payload, ignore custom claims used for token validation (e.g. aud, iat, etc) by @brockallen in #633

Full Changelog: 5.2.3...5.2.4