Dangl.Identity.Client Public Changelog for Version 3.3.1
v3.3.0:
DanglIdentityAuthenticationExtensions.UseDanglIdentityJwtTokenAuthentication now optionally supports to accept access tokens via query parameters, e.g. for usage in SignalR
DanglIdentityServerConfiguration.JwtBearerOptionsConfig was added as a way to customize the AddJwtBearer configuration
v3.2.5
Bugfix in the Angular library where a subscription to the token refresh event did not end after the first event
v3.2.4:
The DanglIdentityAuthenticationExtensions will now log the id of the client used for JWT logins
The DanglIdentityServerConfiguration class now has the AllowInsecureJwtIssuers property that allows to disable the Https requirement for token issuers
v3.2.3:
Fixed a bug in the Angular library where refresh token requests were cancelled when a dependency requested a refresh token but then cancelled the request. This led to the refresh token becoming invalid, thus requiring a reauthentication from the user
v3.2.2:
The Angular library was updated to Angular v10
v3.2.1:
The UseDanglIdentityJwtTokenAuthentication extension will now also work when the configured base urls have a trailing slash /
v3.2.0:
Added the ClaimsUtilities class for helping with managing claims from Jwt tokens
When performing a non-OpenID Cookie login, all user claims except some ignored ones will now be put on the user principal
Fixed an error where the IUserInfoService.GetCurrentUserIdAsync() method could throw an exception when the user id was only present in the sub claim and not in the ASP.NET Core default nameidentifier
v3.1.0:
The OpenID Extensions now remove the default claim type mapping and directly use the claim types from the JWT token, e.g. role is now directly available as a claim
v3.0.0:
Update to Dangl.Identity v3.0.0 and to .NET Core 3.1
The OpenID Connect extensions now check the access_token expiry and refresh the token if necessary. Additionally, locked out or deleted users are now also removed from client applications
When using the OpenID Connect extensions, it internally now calls AddIdentityCore instead of AddIdentity and adds some required services. This might break client applications that rely on services now no longer included. Consumers should manually add these to the dependency injection configuration
The AddMvcWithDanglIdentity extension was renamed to AddControllersWithDanglIdentity and the internal call to AddMvc was replaced with AddControllers. If required, consumers should manually call AddMvc in their apps
The Angular library was updated to Angular v9.1.9
v2.6.0:
Added UserInfo and AccessTokenExtensions in Dangl.Identity.Client
v2.5.2:
Added checks for the UserInfoService in the Dangl.Identity.Client.MVC package to give meaningful error messages in cases of invalid configuration
The generated assemblies now have a strong name. This is a breaking change of the binary API and will require recompilation on all systems that consume this package. The strong name of the generated assembly allows compatibility with other, signed tools. Please note that this does not increase security or provide tamper-proof binaries, as the key is available in the source code per Microsoft guidelines
v2.4.3:
Add RequiredJwtRoles and RequiredJwtClaims to DanglIdentityServerConfiguration to configure required claims and / or roles when using Jwt authentication
v2.4.2:
When UseDanglIdentityJwtAuthentication is enabled on servers, the integrated endpoints for cookie authentication are disabled
CI tests for the .NET components are now also run on Linux
v2.4.1:
Include Id for current user in Angular client AuthenticationMessenger
v2.4.0:
Refactoring of Angular client
v2.3.0:
Update of Dangl.Identity dependencies
Breaking Change: If you're using Dangl.Identity Jwt authentication from the Dangl.Identity.Client.Mvc package, you should set the property UseDanglIdentityJwtAuthentication in the configuration for Dangl.Identity to true and ensure that app.UseDanglIdentityJwtTokenAuthentication() is called early in your request pipeline
v2.2.1:
Bugfix where the Angular library failed to update the current authentication status after failed token refresh attempts
v2.2.0:
An Angular front end package is now available at @dangl/angular-dangl-identity-client
v2.1.0:
Update internal dependencies to latest Dangl.Identity and to ASP.NET Core 2.2
v2.0.8:
Update internal dependencies
v2.0.7:
Fix bug where invalid Jwt tokens led to internal server error responses in Dangl.Identity.Client.Mvc
v2.0.4:
Remove HttpMessageHandler constructor argument from UserInformationTransmissionHttpHandler to be better composable with HttpClientFactory
Add overload to UserInformationTransmissionHttpHandler that allows to supply IHttpContextAccessor to be able to resolve dependencies on the fly from the RequestServices
v2.0.3:
Switch to HttpClientFactory
Introduced DanglIdentityHttpClientAccessor to abstract accessing HttpClient in Dangl.Identity.Client.Mvc services
v2.0.0:
Add support for user identicon id properties
Update to latest version 2.0.1 of Dangl.Identity
Renamed Dangl.Identity.OAuth to Dangl.Identity.Client.Mvc
v1.2.2:
Fix deserialization error of Jwt Bearer tokens to no longer throw exceptions on invalid input in Dangl.Identity.Client.Mvc
v1.2.1:
Dangl.Identity.Client is now public
v1.2.0:
Add support for client-side integration of OpenID with Dangl.Identity as OpenID provider
Add UserInformationTransmissionHttpHandler to share user information for requests contexts across different services
IUserService will now also determine user ids and whether users are authenticated in inter-service calls
See the README for requirements & setup on how to transmit user ids in inter-service requests
The extensions for OAuth as server-side integration now only support either Cookie auth or Jwt, not both. Specifying one will disable the other
v1.1.1:
Add UserInfoService.CLIENT_CLAIM_PREFIX
IUserInfoService.GetCurrentClientIdAsync() now returns a string as ClientId to be in sync with Dangl.Identity
Added ClientCredentialsLoginAsync to DanglIdentityLoginHandler