Skip to content

7.4.0

Latest
Latest

Choose a tag to compare

View all tags
@kevinchalet kevinchalet released this 12 Mar 18:14
7.4.0
2cf8f4f

This release introduces the following changes:

  • The new mTLS-based OAuth 2.0 client authentication feature introduced in the previous version can now be used with the standard client credentials grant.

  • The mTLS token binding implementation was updated to support anonymous clients (in this case, the base SelfSignedTlsClientAuthenticationPolicy instance attached to the server options is directly used and the IOpenIddictApplicationManager.GetSelfSignedTlsClientAuthenticationPolicyAsync()/IOpenIddictApplicationManager.ValidateSelfSignedTlsClientCertificateAsync() APIs are not used).

  • The OpenIddict.Client.SystemIntegration package now restores the ambient request for marshalled authentication demands so that the OpenIddictRequest instance can be accessed from a custom event handler during a call to the AuthenticateInteractivelyAsync() method.

  • A new DisableIssuerParameterValidation flag was introduced to allow disabling the built-in logic used to validate the iss authorization response parameter. Due to #2428, this flag is set to true for the Google provider for now.

Assets 2
Loading