1.1.0-preview1

Features

• AuthZ: Add option for Fail fast (#945)
• AuthenticationTokenExtensions should have an UpdateToken (#916)
• AuthorizationHandlerContext responsibility split up & thread safety (#879)

Bugs Fixed

• How to use AuthorizationEndpoint which contains query string parameters with OAuth. (#988)
• OIDC handler bug in user info response handling for multiple claims of same type (#976)
• CookieAuthenticationHandler, in case using SessionStore, cookieOptions.Expire is not set on renewal (#973)
• Google middleware authorization should use prompt instead of approval_prompt (#971)
• Microsoft.AspNetCore.Authentication.Twitter's package description is incorrect (#962)
• CookieAuthenticationEvents.OnValidatePrincipal can result in a NullReferenceException (#949)
• Returning true from HandleUnauthorizedAsync doesn't prevent the other automatic handlers from being invoked (#930)
• Minor comment cleanup. (#891)
• OpenIdConnect with AAD does not return error_description (#883)
• Authorize(Github) may return a Facebook user (#859)
• Cookie ExpireTimeSpan not honoured using Auzure AD OpenIDConnect authentication (#855)
• Update CookieAuthenticationHandler.ApplyHeaders to honor AuthenticationProperties.RedirectUri (#800)
• Google: Need better way to discover when google+ api not enabled (#53)